Описание
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047.
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-6365
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30666
- http://secunia.com/advisories/23222
- http://securityreason.com/securityalert/1987
- http://www.aria-security.com/forum/showthread.php?t=62
- http://www.securityfocus.com/archive/1/453332/100/0/threaded
- http://www.securityfocus.com/bid/14034
- http://www.vupen.com/english/advisories/2006/4846
EPSS
CVE ID
Связанные уязвимости
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047.
EPSS