VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2471

Description

An SQL injection vulnerability exists in the sloth TCL script of QuoteEngine before 1.2.0 allowing remote attackers to execute arbitrary SQL commands via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The sloth TCL script in QuoteEngine prior to version 1.2.0 is vulnerable to SQL injection [1]. The official description states that unknown vectors can be exploited to execute arbitrary SQL commands. Affected versions include all releases before 1.2.0.

Exploitation

A remote attacker can exploit this vulnerability without requiring authentication or special privileges [1]. The specific attack vectors are not disclosed, but the script fails to properly sanitize user-supplied input used in SQL queries, allowing the injection of malicious SQL statements.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands against the underlying database [1]. This could lead to unauthorized access, modification, or deletion of data within the QuoteEngine application, potentially compromising the entire database.

Mitigation

The vulnerability is fixed in QuoteEngine version 1.2.0 [1]. Users should upgrade to this version or later. No other workarounds are mentioned in the available references. The CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • cpe:2.3:a:jamesoff:quoteengine:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:jamesoff:quoteengine:1.1:*:*:*:*:*:*:*
  • Range: <1.2.0

Patches

0

No patches discovered yet.

References

4
