Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote malicious users to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
duware dunews 1.0 |
||
duware dunews 1.1 |
||
duware dudownload 1.0 |
||
duware dudownload 1.1 |
||
duware dupaypal 3.0 |
||
duware dupaypal 3.1 |
||
duware dupaypal pro_3.0 |
||
duware dupaypal pro_3.1 |