Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=116508632603388&w=2 | Mailing List |
http://secunia.com/advisories/23224 | Vendor Advisory |
http://www.aria-security.com/forum/showthread.php?t=60 | Broken Link |
http://www.securityfocus.com/bid/21405 | Exploit Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2006/4845 | Not Applicable |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30669 |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-12-07 11:28
Updated : 2024-02-28 11:01
NVD link : CVE-2006-6367
Mitre link : CVE-2006-6367
CVE.ORG link : CVE-2006-6367
JSON object : View
Products Affected
duware
- dunews
- dupaypal
- dudownload
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')