Description
Multiple SQL injection vulnerabilities in FactoSystem CMS allow remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Matthew Murphy · text · webapps · asp
https://www.exploit-db.com/exploits/21766
References (5)
Core References
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10000.php
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5600
Product x_refsource_misc
http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
Third Party Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/290021
Scores
EPSS
0.0053
EPSS Percentile
67.3%
Details
Status
published
Products (3)
factosystem/factosystem_weblog
0.9b
factosystem/factosystem_weblog
1.0_beta
factosystem/factosystem_weblog
1.1_beta
Published
Apr 02, 2003
Tracked Since
Feb 18, 2026