Description
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gyrniff · textwebappsasp
https://www.exploit-db.com/exploits/22639
References (1)
Core 1
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105370528728225&w=2
Scores
EPSS
0.0089
EPSS Percentile
75.7%
Details
CWE
CWE-89
Status
published
Products (1)
iisprotect/iisprotect
< 2.2
Published
Jun 16, 2003
Tracked Since
Feb 18, 2026