Vulnerability Name: | CCN-20693 | ||||||
Published: | 2005-05-18 | ||||||
Updated: | 2005-05-18 | ||||||
Summary: | Microsoft ASP.NET Framework is vulnerable to SQL injection caused by improper validation of user-supplied characters in a SQL query. A remote attacker could include a double quote character (") in a SQL query which would return data that may allow the attacker to obtain sensitive information and add, modify or delete information in the backend database. | ||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.1 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
| ||||||
Vulnerability Consequences: | Data Manipulation | ||||||
References: | Source: CCN Type: Microsoft ASP.NET Web page Microsoft ASP.NET Development Center Source: CCN Type: Net Square Security Advisory NS-051805-ASPNET Unhandled exception leads to file system disclosure and SQL injection Source: XF Type: UNKNOWN ms-aspnet-sql-injection(20693) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |