CVE-2004-1893

Summary

CVE	CVE-2004-1893
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2004-12-31 05:00:00 UTC
Updated	2017-07-11 01:31:00 UTC
Description	Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Macromedia	Dreamweaver	2004	All	All	All
Application	Macromedia	Dreamweaver	6.0	All	All	All
Application	Macromedia	Dreamweaver	6.1	All	All	All
Application	Macromedia	Dreamweaver	2004	All	All	All
Application	Macromedia	Dreamweaver	6.0	All	All	All
Application	Macromedia	Dreamweaver	6.1	All	All	All
Application	Macromedia	Dreamweaver Ultradev	4.0	All	All	All
Application	Macromedia	Dreamweaver Ultradev	4.0	All	All	All

References

Reference	Source	Link	Tags
Secunia - Advisories - Dreamweaver Database Connection Script Security Issue	SECUNIA	secunia.com	Patch
Macromedia - MPSB 04-05 Potential Risk in Dreamweaver Remote Database Connectivity	CONFIRM	www.macromedia.com	Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
'[[email protected]: New Macromedia Security Zone Bulletin Posted]' - MARC	BUGTRAQ	marc.info
nextgenss.com -&nbspThis website is for sale! -&nbspnextgenss Resources and Information.	MISC	www.nextgenss.com
Macromedia Dreamweaver Remote User Database Access Vulnerability	BID	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.