Strix
26.1K

CVE-2004-2340

UnknownEPSS 1.33%

Last modified

CVE-2004-2340 is a vulnerability of currently unknown severity. ** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the "PunkBuster Screenshot Database" and not "PunkBuster" itself; (2) there is no apparent association between PunkBuster and "Punky Brewster"; (3) the claimed source code is not anywhere in Alpha 6.. EPSS estimates a 1.33% chance of exploitation in the next 30 days.

Description

** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the "PunkBuster Screenshot Database" and not "PunkBuster" itself; (2) there is no apparent association between PunkBuster and "Punky Brewster"; (3) the claimed source code is not anywhere in Alpha 6.

Metrics

EPSS Probability
1.33%

67.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
Even BalancePunkbuster Database1.0_alpha
Even BalancePunkbuster Database2.0_alpha
Even BalancePunkbuster Database3.0_alpha
Even BalancePunkbuster Database4.0_alpha
Even BalancePunkbuster Database5.0_alpha
Even BalancePunkbuster Database6.0_alpha

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2004-2340?
** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the "PunkBuster Screenshot Database" and not "PunkBuster" itself; (2) there is no apparent association between PunkBuster and "Punky Brewster"; (3) the claimed source code is not anywhere in Alpha 6.
How severe is CVE-2004-2340?
Severity scoring for CVE-2004-2340 is pending analysis. The EPSS model estimates a 1.33% probability of exploitation in the next 30 days.
How do I fix CVE-2004-2340?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-2340?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST