1. CVE-Search
  2. CVE-2005-3976
ID CVE-2005-3976
Summary SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:duware:duamazon:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:duware:duamazon:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:duarticle:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:duware:duarticle:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:duclassified:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:duware:duclassified:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:dudirectory:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:duware:dudirectory:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:dudirectory_pro:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:duware:dudirectory_pro:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:dudirectory_pro_sql:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:duware:dudirectory_pro_sql:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:dudownload:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:duware:dudownload:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:dugallery:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:duware:dugallery:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:dunews:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:duware:dunews:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:dupaypal:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:duware:dupaypal:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:duware:dupaypal_pro:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:duware:dupaypal_pro:3.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 15681
osvdb 21385
secunia 17835
vupen ADV-2005-2700
xf dunews-type-detail-sql-injection(30673)
Last major update 20-07-2017 - 01:29
Published 03-12-2005 - 19:03
Last modified 20-07-2017 - 01:29
Back to Top