CVE-2004-2746

Pensacola WEB Designs Xtremeasp Photogallery - SQL Injection

Title source: rule

Description

SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by posidron · textwebappsasp

https://www.exploit-db.com/exploits/23547

View Code ZIP pw:eip

References (9)

Core 9

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/350028/30/21640/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9438

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1008745

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/14860

Patch x_refsource_confirm

http://www.pensacolawebdesigns.com/xtremeasp/readmore.asp

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/3585

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3346

Various Sources x_refsource_misc

http://www.tripbit.org/advisories/TA-150104.txt

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10659

Scores

EPSS 0.0080

EPSS Percentile 74.2%

Details

CWE

CWE-89

Status published

Products (1)

pensacola_web_designs/xtremeasp_photogallery 2.0

Published Dec 31, 2004

Tracked Since Feb 18, 2026