Vulnerability Details CVE-2005-3976
SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/17835
- http://www.osvdb.org/21385
- http://www.securityfocus.com/bid/15681
- http://www.vupen.com/english/advisories/2005/2700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30673
- http://secunia.com/advisories/17835
- http://www.osvdb.org/21385
- http://www.securityfocus.com/bid/15681
- http://www.vupen.com/english/advisories/2005/2700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30673
Products affected by CVE-2005-3976
-
cpe:2.3:a:duware:duamazon:3.1
-
cpe:2.3:a:duware:duarticle:1.1
-
cpe:2.3:a:duware:duclassified:4.2
-
cpe:2.3:a:duware:dudirectory:3.1
-
cpe:2.3:a:duware:dudirectory_pro:3.0
-
cpe:2.3:a:duware:dudirectory_pro_sql:3.0
-
cpe:2.3:a:duware:dudownload:1.1
-
cpe:2.3:a:duware:dugallery:3.3
-
cpe:2.3:a:duware:dunews:1.1
-
cpe:2.3:a:duware:dupaypal:3.1
-
cpe:2.3:a:duware:dupaypal_pro:3.0