Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1553

Description

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.

Affected products

Fullrevolution/Aspwebalbum
cpe:2.3:a:fullrevolution:aspwebalbum:3.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/11246nvdExploit
www.securityfocus.com/bid/30996nvdExploit
secunia.com/advisories/31649nvdVendor Advisory
marc.infonvd
osvdb.org/47913nvd
osvdb.org/47914nvd
exchange.xforce.ibmcloud.com/vulnerabilities/17507nvd
exchange.xforce.ibmcloud.com/vulnerabilities/44876nvd
exchange.xforce.ibmcloud.com/vulnerabilities/44877nvd
www.exploit-db.com/exploits/6357nvd
www.exploit-db.com/exploits/6420nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000