CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Duware: >> Dudirectory Pro Sql Security Vulnerabilities

CVE-2006-6354

Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.

CVSS Score

7.5

EPSS Score

0.011

Published

2006-12-07

CVE-2005-3976

SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter.

CVSS Score

7.5

EPSS Score

0.006

Published

2005-12-03

Page 1

Vulnerabilities

Vulnerable Software

Duware: >> Dudirectory Pro Sql Security Vulnerabilities

Products

Pricing

Contact Us