CVE-2004-2562

SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/12123	Patch Vendor Advisory
http://www.lbehelpdesk.com/patch/web/history.txt	URL Repurposed
http://www.osvdb.org/8181
http://www.securiteam.com/windowsntfocus/5QP0M0ADGI.html	Exploit Patch
http://www.securityfocus.com/bid/10773	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16779

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:1.2_1999-07-00:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:1.3_2000-07-00:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:1.4_2000-08-00:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.33_2001-05-00:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.35_2001-06-04:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.38_2001-06-10:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.40_2001-07-21:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.41_2001-08-27:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.43_2001-09-28:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.50:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.52:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.53:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.54:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.59:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.60:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.61:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.62:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.63:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.64:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.65:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.66:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.67:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.68:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.69:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.70:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.71:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.72:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.73:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.74:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.75:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.76:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.77:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.78:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.79:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0.0.80:::::::*
	cpe:2.3:a:leigh_business_enterprises:web_helpdesk:4.0_2001-03-00:::::::*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(CONFIRM) http://www.lbehelpdesk.com/patch/web/history.txt -~~	(CONFIRM) http://www.lbehelpdesk.com/patch/web/history.txt - URL Repurposed

Information

Published : 2004-12-31 05:00

Updated : 2024-02-28 10:42

NVD link : CVE-2004-2562

Mitre link : CVE-2004-2562

CVE.ORG link : CVE-2004-2562

JSON object : View

Products Affected

leigh_business_enterprises

web_helpdesk

CWE

NVD-CWE-Other

7.5 /10