SQL Injection Vulnerability in Member Management System by Unknown Vendor
CVE-2004-1843

Currently unrated

Key Information:

Vendor: Unknown Vendor
Status: Member Management System
Vendor: CVE Published:; 20 March 2004

🔔 Create Unknown Vendor Vulnerability Alert

What is CVE-2004-1843?

The Member Management System 2.1 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands through manipulated requests to the application's ID parameter. This flaw is present in specific scripts such as resend.asp and news_view.asp, which can be exploited to gain unauthorized access to sensitive database information. Attackers may leverage this vulnerability to conduct unauthorized queries, potentially leading to data exposure and manipulation.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/15551

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=107999697625786&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/11179

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
May 4, 2005
Vulnerability published
Mar 20, 2004