Описание
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
Ссылки
- Mailing List
- Vendor Advisory
- Broken Link
- ExploitThird Party AdvisoryVDB Entry
- Not Applicable
- Mailing List
- Vendor Advisory
- Broken Link
- ExploitThird Party AdvisoryVDB Entry
- Not Applicable
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:duware:dudownload:1.0:*:*:*:*:*:*:*
cpe:2.3:a:duware:dudownload:1.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dunews:1.0:*:*:*:*:*:*:*
cpe:2.3:a:duware:dunews:1.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal:3.0:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal:3.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal:pro_3.0:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal:pro_3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02927
Низкий
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
EPSS
Процентиль: 86%
0.02927
Низкий
7.5 High
CVSS2
Дефекты
CWE-89