SQL Injection Vulnerability in aspWebAlbum: Remote Code Execution via Login and Album Parameters

CVE-2004-1553 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
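
One way to close both vectors in classic ASP is to bind the request values as ADO command parameters. This is an added example, not aspWebAlbum's own code: the table and column names, the `action` query parameter name, the `AlbumConnString` setting and the treatment of `cat` as a numeric id are hypothetical.

```vbscript
<%
Option Explicit
' Added example; not aspWebAlbum source. Table/column names, the "action"
' parameter name and the connection-string setting are hypothetical.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarChar = 200

' Build a command whose text holds only "?" placeholders; request values
' are bound as parameters and never concatenated into the SQL string.
Function NewCommand(conn, sql)
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = conn
    c.CommandType = adCmdText
    c.CommandText = sql
    Set NewCommand = c
End Function

Dim conn, cmd, rs, userName, cat, digits
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("AlbumConnString")

If Request.QueryString("action") = "processlogin" Then
    ' Vector 1: txtUserName from the login form, bound as a string.
    userName = Left(Trim(Request.Form("txtUserName")), 50)
    Set cmd = NewCommand(conn, "SELECT UserID FROM Users WHERE UserName = ?")
    cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, 50, userName)
    Set rs = cmd.Execute
    ' Same message for unknown user and bad password; the password check
    ' itself is outside this example.
    If rs.EOF Then Response.Write "Login failed"
Else
    ' Vector 2: cat. Assumed numeric, so reject non-digits up front and
    ' still bind the value instead of concatenating it.
    cat = Request.QueryString("cat")
    Set digits = New RegExp
    digits.Pattern = "^\d{1,9}$"
    If Not digits.Test(cat) Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
    Set cmd = NewCommand(conn, "SELECT PhotoID, Title FROM Photos WHERE CategoryID = ?")
    cmd.Parameters.Append cmd.CreateParameter("c", adInteger, adParamInput, , CLng(cat))
    Set rs = cmd.Execute
End If
%>
```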
