Unrated severityNVD Advisory· Published Apr 2, 2003· Updated Apr 16, 2026

CVE-2002-1499

Description

Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.

Affected products

Factosystem/Factosystem Weblog3 versions
cpe:2.3:a:factosystem:factosystem_weblog:0.9b:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:factosystem:factosystem_weblog:0.9b:*:*:*:*:*:*:*
- cpe:2.3:a:factosystem:factosystem_weblog:1.0_beta:*:*:*:*:*:*:*
- cpe:2.3:a:factosystem:factosystem_weblog:1.1_beta:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

online.securityfocus.com/archive/1/290021nvdExploitVendor Advisory
www.securityfocus.com/bid/5600nvdExploitVendor Advisory
www.iss.net/security_center/static/10000.phpnvdVendor Advisory
archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.htmlnvd
sourceforge.net/tracker/index.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000