LiveActive security incident?Get immediate response
CVE Record

CVE-2004-0374: Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or...

Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's Takehigh

Analyst readout for executives and security teams

Plain-English summary

Interchange versions before 5.0.1 could let a remote attacker use a specially formed HTTP request to reveal internal variables and access or change sensitive SQL-related information. For an exposed e-commerce system, this is a serious confidentiality and integrity issue, even though the source bundle provides no CVSS score.

Executive priority

Prioritize quickly if Interchange supports storefront, order, customer, or database-backed workflows. The business risk is unauthorized disclosure or modification of sensitive commerce data. If Interchange is not present, close as not applicable after inventory confirmation.

Technical view

The issue is tied to Interchange URL handling: an HTTP request ending in "__SQLUSER__" can expose arbitrary variables and allow reading or modifying sensitive SQL information. The bundle identifies affected versions as Interchange before 5.0.1. No exploit code, patch details beyond the version boundary, or CVSS metrics are included.

Likely exposure

Exposure is most likely where legacy Interchange installations before 5.0.1 remain reachable over HTTP. Organizations not running Interchange, or running maintained versions after 5.0.1, are unlikely to be affected based on the provided sources.

Exploitation context

The bundle describes remote attackability via HTTP, but does not show active exploitation. The CVE is not marked as KEV. Treat exploit status as unknown unless internal telemetry or vendor intelligence indicates attempts against Interchange paths.

Researcher notes

Evidence is sparse but consistent: the CVE description, ICDevGroup references, SecurityFocus, IBM X-Force, Secunia, and Debian advisory all point to Interchange before 5.0.1. The bundle does not provide CVSS, CWE, affected CPEs, or detailed patch mechanics.

Mitigation direction

  • Identify any Interchange deployments and confirm exact versions.
  • Upgrade Interchange instances older than 5.0.1 according to vendor or distribution guidance.
  • Review Debian DSA-471 if using Debian-packaged Interchange.
  • Restrict public access to legacy Interchange systems until remediation is complete.
  • Check vendor advisories for any configuration-specific guidance.

Validation and detection

  • Confirm no internet-facing Interchange instance reports a version before 5.0.1.
  • Review web logs for requests ending with "__SQLUSER__".
  • Check SQL access logs for unexpected reads or modifications around suspicious HTTP activity.
  • Verify package or application inventory against the Interchange version boundary.
  • Document whether each exposed host is upgraded, retired, or isolated.
Prepared
Confidence
medium
Sources
8

Based on public source material and reviewed before publication.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2004-0374 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
7Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.