SQL Injection Flaw in Password Protect by Password Protect
CVE-2004-1647

Currently unrated

Key Information:

Vendor

Web Animations

Status
Password Protect
Vendor
CVE Published:
30 August 2004

What is CVE-2004-1647?

The SQL injection vulnerability in Password Protect allows remote attackers to exploit specific parameters in various ASP pages. By manipulating inputs such as 'admin' or 'Pass' in index_next.asp, and 'LoginId', 'OPass', or 'NPass' in CPassChangePassword.asp, attackers can execute arbitrary SQL statements. Additionally, flaws in users_edit.asp and users_add.asp further expose the system to potential unauthorized access and authentication bypass, enabling attackers to compromise the security integrity of the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/11073
vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=109414967003192&w=2
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/17188
vdb-entryx_refsource_XF

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.