CVE-2004-2057 - OpenCVE

SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xlinesoft	Asprunner

Configuration 1 [-]

OR	cpe:2.3:a:xlinesoft:asprunner:1.0:::::::*
	cpe:2.3:a:xlinesoft:asprunner:2.0:::::::*
	cpe:2.3:a:xlinesoft:asprunner:2.1:::::::*
	cpe:2.3:a:xlinesoft:asprunner:2.2:::::::*
	cpe:2.3:a:xlinesoft:asprunner:2.3:::::::*
	cpe:2.3:a:xlinesoft:asprunner:2.4:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html	Exploit
http://ferruh.mavituna.com/article/?574	Exploit
http://marc.info/?l=bugtraq&m=109086977330418&w=2
http://secunia.com/advisories/12164
http://securitytracker.com/id?1010777
http://www.osvdb.org/8251
http://www.securityfocus.com/bid/10799	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/16799

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-05-10T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-05-04T00:00:00

Link: CVE-2004-2057

JSON object: View

NVD Information

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:31:35.637

Link: CVE-2004-2057

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ferruh.mavituna.com/article/?574"}, {"name": "12164", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12164"}, {"name": "8251", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/8251"}, {"name": "20040726 ASPRunner Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109086977330418&w=2"}, {"name": "1010777", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1010777"}, {"name": "20040726 ASPRunner Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html"}, {"name": "10799", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10799"}, {"name": "asprunner-sql-injection(16799)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16799"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2057", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ferruh.mavituna.com/article/?574", "refsource": "MISC", "url": "http://ferruh.mavituna.com/article/?574"}, {"name": "12164", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12164"}, {"name": "8251", "refsource": "OSVDB", "url": "http://www.osvdb.org/8251"}, {"name": "20040726 ASPRunner Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109086977330418&w=2"}, {"name": "1010777", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010777"}, {"name": "20040726 ASPRunner Multiple Vulnerabilities", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html"}, {"name": "10799", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10799"}, {"name": "asprunner-sql-injection(16799)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16799"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2057", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xlinesoft:asprunner:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9420D4DE-3E89-4F38-97E4-C2DDC422CB64", "vulnerable": true}, {"criteria": "cpe:2.3:a:xlinesoft:asprunner:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4D7B1E6-98EA-4036-8915-92A9950D88E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xlinesoft:asprunner:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC50CDF3-927A-4E53-92F9-424B368DF6C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xlinesoft:asprunner:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C064DC74-8EC4-45F9-8003-18C517D715DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xlinesoft:asprunner:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "DD325976-561F-4B0E-B7F9-E5C51619E64A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xlinesoft:asprunner:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "31B1F333-7FAA-4A29-815B-5A06CB1E54ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements."}], "id": "CVE-2004-2057", "lastModified": "2017-07-11T01:31:35.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://ferruh.mavituna.com/article/?574"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109086977330418&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/12164"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010777"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/8251"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/10799"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16799"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}