Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0986

4 documents4 sources
Severity
5.0MEDIUM
EPSS
74.1%
top 1.17%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Index Server
Timeline
PublishedSep 14
Latest updateApr 30

Description

SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

2
GHSA
GHSA-rwh7-p7fv-r943: SQLQHit↗2022-04-30
â–¶
CVEList
CVE-2001-0986: SQLQHit↗2002-02-02
â–¶

💥Exploits & PoCs

1
Exploit-DB
Microsoft Index Server 2.0 - File Information / Full Path Disclosure↗2001-09-14
â–¶
CVE-2001-0986 (MEDIUM CVSS 5) | SQLQHit.asp sample file in Microsof | cvebase.io