PT-2004-3097 · Duclassified · Duclassified

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2202

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions DUclassified versions 4.0 through 4.2

Description The issue allows remote attackers to bypass authentication and execute commands on the server's underlying database. This can be achieved via the cat id or sub id parameters in "adDetail.asp", or the password parameter in the login form.

Recommendations For versions 4.0 through 4.2, consider restricting access to the adDetail.asp page and the login form until a patch is available. As a temporary workaround, avoid using the cat id, sub id, and password parameters in the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2202

Affected Products

Duclassified

PT-2004-3097 · Duclassified · Duclassified

CVE-2004-2202

Related Identifiers

Affected Products

References · 8