Description
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.
Exploits (1)
References (6)
Core 6
Core References
Various Sources mailing-list
x_refsource_mlist
http://www.icdevgroup.org/pipermail/interchange-announce/2004/000043.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10005
Various Sources x_refsource_confirm
http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15670
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11234
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-471
Scores
EPSS
0.0831
EPSS Percentile
92.3%
Details
Status
published
Products (10)
interchange_development_group/interchange
4.8.1
interchange_development_group/interchange
4.8.2
interchange_development_group/interchange
4.8.3
interchange_development_group/interchange
4.8.4
interchange_development_group/interchange
4.8.5
interchange_development_group/interchange
4.8.6
interchange_development_group/interchange
4.8.7
interchange_development_group/interchange
4.8.8
interchange_development_group/interchange
4.8.9
interchange_development_group/interchange
5.0
Published
May 04, 2004
Tracked Since
Feb 18, 2026