Vulnerability Details CVE-2006-6354
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/23228
- http://securityreason.com/securityalert/1996
- http://www.aria-security.com/forum/showthread.php?t=61
- http://www.securityfocus.com/archive/1/453317/100/0/threaded
- http://www.securityfocus.com/bid/15681
- http://www.vupen.com/english/advisories/2006/4834
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30673
- http://secunia.com/advisories/23228
- http://securityreason.com/securityalert/1996
- http://www.aria-security.com/forum/showthread.php?t=61
- http://www.securityfocus.com/archive/1/453317/100/0/threaded
- http://www.securityfocus.com/bid/15681
- http://www.vupen.com/english/advisories/2006/4834
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30673
Products affected by CVE-2006-6354
-
cpe:2.3:a:duware:duamazon:3.0
-
cpe:2.3:a:duware:duamazon:3.1
-
cpe:2.3:a:duware:duarticle:1.0
-
cpe:2.3:a:duware:duarticle:1.1
-
cpe:2.3:a:duware:duclassified:4.0
-
cpe:2.3:a:duware:duclassified:4.1
-
cpe:2.3:a:duware:duclassified:4.2
-
cpe:2.3:a:duware:dudirectory:3.0
-
cpe:2.3:a:duware:dudirectory:3.1
-
cpe:2.3:a:duware:dudirectory_pro:3.0
-
cpe:2.3:a:duware:dudirectory_pro:3.1
-
cpe:2.3:a:duware:dudirectory_pro_sql:3.0
-
cpe:2.3:a:duware:dudirectory_pro_sql:3.1
-
cpe:2.3:a:duware:dudownload:1.0
-
cpe:2.3:a:duware:dudownload:1.1
-
cpe:2.3:a:duware:dugallery:3.0
-
cpe:2.3:a:duware:dugallery:3.1
-
cpe:2.3:a:duware:dugallery:3.2
-
cpe:2.3:a:duware:dugallery:3.3
-
cpe:2.3:a:duware:dunews:1.0
-
cpe:2.3:a:duware:dunews:1.1
-
cpe:2.3:a:duware:dupaypal:3.0
-
cpe:2.3:a:duware:dupaypal:3.1
-
cpe:2.3:a:duware:dupaypal_pro:3.0
-
cpe:2.3:a:duware:dupaypal_pro:3.1