CVE-2006-6367

Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:duware:dudownload:1.0:*:*:*:*:*:*:*
cpe:2.3:a:duware:dudownload:1.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dunews:1.0:*:*:*:*:*:*:*
cpe:2.3:a:duware:dunews:1.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal:3.0:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal:3.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal:pro_3.0:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal:pro_3.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-12-07 11:28

Updated : 2024-02-28 11:01


NVD link : CVE-2006-6367

Mitre link : CVE-2006-6367

CVE.ORG link : CVE-2006-6367


JSON object : View

Products Affected

duware

  • dunews
  • dupaypal
  • dudownload
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')