CVE-2004-2746
Published 2004-12-31
Priority: P343 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.96% (85.5th percentile)
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pensacola_web_designs | xtremeasp_photogallery | — | — |
Suricata
ET WEB_SPECIFIC_APPS Kentico Xperience CMS Authentication Bypass Attempt (CVE-2025-2746)
suricata·2025-04-03·CVSS 9.8
Rule: alert http1 any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Kentico Xperience CMS Authentication Bypass Attempt (CVE-2025-2746)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:33; content:"/CMSPages/Staging/SyncServer.asmx"; fast_pattern; http.header; content:"SOAPAction|3a 20 22 3c|http|3a 2f 2f|localhost|2f|SyncWebService|2f|SyncServer|2f|ProcessSynchronizationTaskData|3e 22|"; http.request_body; content:"|3c|soap|3a|Header|3e|"; content:"|3c|wsse|3a|UsernameToken|3e|"; within:300; content:"|3c|wsse|3a|Username|3e|"; within:30; content:"|3c|wsse|3a|Password|20|Type|3d 22 3c|http|3a|//docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0|23|P
No writeups or analysis indexed.
http://secunia.com/advisories/10659
http://securityreason.com/securityalert/3346
http://securitytracker.com/id?1008745
http://www.osvdb.org/3585
http://www.pensacolawebdesigns.com/xtremeasp/readmore.asp
http://www.securityfocus.com/archive/1/350028/30/21640/threaded
http://www.securityfocus.com/bid/9438
http://www.tripbit.org/advisories/TA-150104.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/14860