Unrated severityNVD Advisory· Published Apr 2, 2003· Updated Jun 16, 2026
CVE-2002-1499
CVE-2002-1499
Description
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:factosystem:factosystem_weblog:0.9b:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:factosystem:factosystem_weblog:0.9b:*:*:*:*:*:*:*
- cpe:2.3:a:factosystem:factosystem_weblog:1.0_beta:*:*:*:*:*:*:*
- cpe:2.3:a:factosystem:factosystem_weblog:1.1_beta:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5- online.securityfocus.com/archive/1/290021nvdExploitVendor Advisory
- www.securityfocus.com/bid/5600nvdExploitVendor Advisory
- www.iss.net/security_center/static/10000.phpnvdVendor Advisory
- archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.htmlnvd
- sourceforge.net/tracker/index.phpnvd
News mentions
0No linked articles in our index yet.