CVE-2004-2551
Published 2004-12-31
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.29% (81.0th percentile)
Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| layton_technology | helpbox | — | — |
| layton_technology | helpbox | — | — |
GHSA
GHSA-vg87-788x-wc87: Multiple SQL injection vulnerabilities in Layton HelpBox 3
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-5402 [HIGH] CWE-89 GHSA-vg87-788x-wc87: Multiple SQL injection vulnerabilities in Layton HelpBox 3
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551.
GHSA
GHSA-cqf6-wpgm-m6gf: Multiple SQL injection vulnerabilities in Layton HelpBox 3
ghsa_unreviewed·2022-04-29
CVE-2004-2551 [HIGH] GHSA-cqf6-wpgm-m6gf: Multiple SQL injection vulnerabilities in Layton HelpBox 3
http://secunia.com/advisories/12118
http://www.osvdb.org/8170
http://www.osvdb.org/8171
http://www.osvdb.org/8172
http://www.osvdb.org/8173
http://www.osvdb.org/8174
http://www.osvdb.org/8175
http://www.osvdb.org/8176
http://www.osvdb.org/8177
http://www.osvdb.org/8178
http://www.osvdb.org/8179
http://www.securiteam.com/windowsntfocus/5VP0S0ADFW.html
http://www.securityfocus.com/bid/10776
https://exchange.xforce.ibmcloud.com/vulnerabilities/16772
https://exchange.xforce.ibmcloud.com/vulnerabilities/16774