CVE-2003-0399

Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.

Date published : 2003-06-11

http://www.securityfocus.com/bid/7683

http://marc.info/?l=bugtraq&m=105405874325673&w=2