Published: 22/06/2005 Updated: 18/10/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote malicious users to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
duware duamazon pro 3.0
duware duamazon pro 3.1

source: wwwsecurityfocuscom/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries Successful exploitation could result in a compromise of the application, disclosure or modification of da ...

source: wwwsecurityfocuscom/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the fails application to properly sanitize user-supplied input before using it in SQL queries A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities i ...

NVD-CWE-Other http://echo.or.id/adv/adv19-theday-2005.txt http://marc.info/?l=bugtraq&m=111945219205114&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/25860/

Get Started

CVE-2005-2046

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect