CVE-2003-0399 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2003-0399

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.

Affected Software

Name	Vendor	Start Version	End Version
Content_suite	Vignette	6.0 (including)	6.0 (including)
Content_suite	Vignette	7.0 (including)	7.0 (including)
Storyserver	Vignette	4.0 (including)	4.0 (including)
Storyserver	Vignette	4.1 (including)	4.1 (including)
Storyserver	Vignette	5.0 (including)	5.0 (including)
Vignette	Vignette	5.0 (including)	5.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=105405874325673\u0026w=2
http://www.iss.net/security_center/static/12076.php
http://www.s21sec.com/es/avisos/s21sec-017-en.txt
http://www.securityfocus.com/bid/7683