CVE-2004-1647

Password Protect - SQL Injection via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1647. PoCs published by Criolabs.

AI-analyzed exploit summary This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in Password Protect. It provides URLs with parameters vulnerable to injection but does not include executable exploit code.

Description

SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Criolabs · textwebappsasp
https://www.exploit-db.com/exploits/24420

This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in Password Protect. It provides URLs with parameters vulnerable to injection but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: Password Protect (all versions)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11073
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109414967003192&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17188
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12407
URL Repurposed x_refsource_misc
http://www.criolabs.net/advisories/passprotect.txt

Scores

EPSS 0.0124
EPSS Percentile 65.3%

Details

Status published
Products (1)
web_animations/password_protect
Published Aug 30, 2004
Tracked Since Feb 18, 2026