Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 up to and including 4.2 allows remote malicious users to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
duware duclassified 4.0 |
||
duware duclassified 4.1 |
||
duware duclassified 4.2 |