Description

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.

Remediation

References

CVE-2002-0721

Related Vulnerabilities

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9281)

WordPress Plugin wp-football Multiple Cross-Site Scripting Vulnerabilities (1.1)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.22)

WordPress Plugin MyLiveChat-Free Live Chat Plugin for WordPress Cross-Site Scripting (2.0.1)

WordPress Plugin AMP for WP-Accelerated Mobile Pages Multiple Unspecified Vulnerabilities (0.9.72)

Severity

Critical

Classification

CVE-2002-0721

Tags

Missing Update Known Vulnerabilities