Sign-up

ID

VAR-200312-0453


CVE

CVE-2003-1504


TITLE

GoldLink Cookie SQL Injection Vulnerability

Trust: 0.9

sources: BID: 8847 // CNNVD: CNNVD-200312-358

DESCRIPTION

SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php. GoldLink is prone to SQL injection attacks. This is due to insufficient validation of values supplied via cookies. As a result, it may be possible to manipulate SQL queries, potentially resulting in information disclosure, bulletin board compromise or other consequences

Trust: 1.35

sources: NVD: CVE-2003-1504 // BID: 8847 // VULHUB: VHN-8329 // VULMON: CVE-2003-1504

AFFECTED PRODUCTS

vendor:goldscriptsmodel:goldlinkscope:eqversion:3.0

Trust: 1.9

sources: BID: 8847 // CNNVD: CNNVD-200312-358 // NVD: CVE-2003-1504

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1504
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200312-358
value: HIGH

Trust: 0.6

VULHUB: VHN-8329
value: HIGH

Trust: 0.1

VULMON: CVE-2003-1504
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-1504
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-8329
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8329 // VULMON: CVE-2003-1504 // CNNVD: CNNVD-200312-358 // NVD: CVE-2003-1504

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.1

sources: VULHUB: VHN-8329 // NVD: CVE-2003-1504

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-358

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200312-358

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-8329 // 
            
            
            
            VULMON: CVE-2003-1504

EXTERNAL IDS
db:BIDid:8847
Trust: 2.1
db:NVDid:CVE-2003-1504
Trust: 1.8
db:SREASONid:3302
Trust: 1.8
db:CNNVDid:CNNVD-200312-358
Trust: 0.7
db:BUGTRAQid:20031018 GET ADMIN LEVEL ON GOLDLINK SCRIPT V3.0
Trust: 0.6
db:XFid:13465
Trust: 0.6
db:EXPLOIT-DBid:23259
Trust: 0.2
db:SEEBUGid:SSVID-77034
Trust: 0.1
db:VULHUBid:VHN-8329
Trust: 0.1
db:VULMONid:CVE-2003-1504
Trust: 0.1
sources:
            
            
            VULHUB: VHN-8329 // 
            
            
            
            VULMON: CVE-2003-1504 // 
            
            
            
            BID: 8847 // 
            
            
            
            CNNVD: CNNVD-200312-358 // 
            
            
            
            NVD: CVE-2003-1504

REFERENCES
url:http://www.securityfocus.com/bid/8847
Trust: 1.8
url:http://www.securityfocus.com/archive/1/341760
Trust: 1.8
url:http://securityreason.com/securityalert/3302
Trust: 1.8
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/13465
Trust: 1.2
url:http://xforce.iss.net/xforce/xfdb/13465
Trust: 0.6
url:http://www.goldscripts.com/goldlink.php
Trust: 0.3
url:/archive/1/341760
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/89.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/23259/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-8329 // 
            
            
            
            VULMON: CVE-2003-1504 // 
            
            
            
            BID: 8847 // 
            
            
            
            CNNVD: CNNVD-200312-358 // 
            
            
            
            NVD: CVE-2003-1504

CREDITS
Discovery is credited to "Weke" <weke@programas-hacker.com>.
Trust: 0.9
sources:
            
            
            BID: 8847 // 
            
            
            
            CNNVD: CNNVD-200312-358

SOURCES
db:VULHUBid:VHN-8329
db:VULMONid:CVE-2003-1504
db:BIDid:8847
db:CNNVDid:CNNVD-200312-358
db:NVDid:CVE-2003-1504

LAST UPDATE DATE
2024-08-14T15:25:47.734000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-8329date:2017-07-29T00:00:00
db:VULMONid:CVE-2003-1504date:2017-07-29T00:00:00
db:BIDid:8847date:2003-10-18T00:00:00
db:CNNVDid:CNNVD-200312-358date:2003-12-31T00:00:00
db:NVDid:CVE-2003-1504date:2017-07-29T01:29:14.873

SOURCES RELEASE DATE
db:VULHUBid:VHN-8329date:2003-12-31T00:00:00
db:VULMONid:CVE-2003-1504date:2003-12-31T00:00:00
db:BIDid:8847date:2003-10-18T00:00:00
db:CNNVDid:CNNVD-200312-358date:2003-12-31T00:00:00
db:NVDid:CVE-2003-1504date:2003-12-31T05:00:00