Duware: >> Duclassified >> 4.0 Security Vulnerabilities
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
CVSS Score
7.5
EPSS Score
0.011
Published
2006-12-07
Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
CVSS Score
4.3
EPSS Score
0.004
Published
2004-12-31
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
CVSS Score
7.5
EPSS Score
0.005
Published
2004-12-31