Arbitrary SELECT Query Vulnerability in Vignette StoryServer and V/5

Arbitrary SELECT Query Vulnerability in Vignette StoryServer and V/5

CVE-2003-0399 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.

Learn more about our Cis Benchmark Audit For Server Software.