| Field | Value |
| --- | --- |
| VID | 21375 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The aspWebAlbum installation on the remote web server is vulnerable to SQL injection. aspWebAlbum is a program for creating and maintaining a Web-based photo album on Microsoft Windows platforms. The vulnerability is caused by improper validation of user-supplied input in the 'album.asp' script. By inserting a specially crafted SQL command via the '/album.asp?action=login' script or the 'cat' field in the '/album.asp' script, a remote attacker could execute SQL commands on the target system or gain access to sensitive information.<br>* References: http://securitytracker.com/alerts/2004/Sep/1011411.html http://archives.neohapsis.com/archives/bugtraq/2004-09/0352.html<br>* Platforms Affected: Full Revolution, Inc., aspWebAlbum Any version; Microsoft Windows Any version |
| Recommendation | No upgrade or patch available as of June 2014.<br>Upgrade to a new version of aspWebAlbum when a version that fixes this problem becomes available from the Full Revolution, Inc. Web site at http://www.fullrevolution.com/album_overview.asp |
| Related URL | CVE-2004-1553 (CVE) |
| Related URL | 11246 (SecurityFocus) |
| Related URL | 17507 (ISS) |