CVE Vulnerabilities

CVE-2005-3976

Published: Dec 03, 2005 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter.

Affected Software

Name Vendor Start Version End Version
Duamazon Duware 3.1 (including) 3.1 (including)
Duarticle Duware 1.1 (including) 1.1 (including)
Duclassified Duware 4.2 (including) 4.2 (including)
Dudirectory Duware 3.1 (including) 3.1 (including)
Dudirectory_pro Duware 3.0 (including) 3.0 (including)
Dudirectory_pro_sql Duware 3.0 (including) 3.0 (including)
Dudownload Duware 1.1 (including) 1.1 (including)
Dugallery Duware 3.3 (including) 3.3 (including)
Dunews Duware 1.1 (including) 1.1 (including)
Dupaypal Duware 3.1 (including) 3.1 (including)
Dupaypal_pro Duware 3.0 (including) 3.0 (including)

References