CVE-2004-1893
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-12-31 CVE Published
- 2005-05-04 CVE Reserved
- 2024-04-16 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108102481929451&w=2 | Mailing List | |
| http://www.nextgenss.com/advisories/dreamweaver.txt | X_refsource_misc | |
| http://www.securityfocus.com/bid/10036 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15721 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/11284 | 2017-07-11 |
| URL | Date | SRC |
|---|---|---|
| http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html | 2017-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Macromedia Search vendor "Macromedia" | Dreamweaver Search vendor "Macromedia" for product "Dreamweaver" | 6.0 Search vendor "Macromedia" for product "Dreamweaver" and version "6.0" | - |
Safe
| ||||||
| Macromedia Search vendor "Macromedia" | Dreamweaver Search vendor "Macromedia" for product "Dreamweaver" | 6.1 Search vendor "Macromedia" for product "Dreamweaver" and version "6.1" | - |
Safe
| ||||||
| Macromedia Search vendor "Macromedia" | Dreamweaver Search vendor "Macromedia" for product "Dreamweaver" | 2004 Search vendor "Macromedia" for product "Dreamweaver" and version "2004" | - |
Safe
| ||||||
| Macromedia Search vendor "Macromedia" | Dreamweaver Ultradev Search vendor "Macromedia" for product "Dreamweaver Ultradev" | 4.0 Search vendor "Macromedia" for product "Dreamweaver Ultradev" and version "4.0" | - |
Safe
| ||||||