CVE-2004-2561

Name of the Vulnerable Software and Affected Versions Web+Center version 4.0.1

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the ISS TECH CENTER LOGIN cookie in the "search.asp" endpoint and one or more cookies in the "DoCustomerOptions.asp" endpoint. The estimated number of potentially affected devices and details about real-world incidents are not specified.

Recommendations For Web+Center version 4.0.1, consider restricting access to the search.asp and DoCustomerOptions.asp endpoints until a fix is available. As a temporary workaround, avoid using the ISS TECH CENTER LOGIN cookie in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.