CVE-2006-6354

Exploit

EPSS 1.32%
Veröffentlicht 07.12.2006 01:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter.  NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Duware ≫ Duamazon Version3.0

Duware ≫ Duamazon Version3.1

Duware ≫ Duarticle Version1.0

Duware ≫ Duarticle Version1.1

Duware ≫ Duclassified Version4.0

Duware ≫ Duclassified Version4.1

Duware ≫ Duclassified Version4.2

Duware ≫ Dudirectory Version3.0

Duware ≫ Dudirectory Version3.1

Duware ≫ Dudirectory Pro Version3.0

Duware ≫ Dudirectory Pro Version3.1

Duware ≫ Dudirectory Pro Sql Version3.0

Duware ≫ Dudirectory Pro Sql Version3.1

Duware ≫ Dudownload Version1.0

Duware ≫ Dudownload Version1.1

Duware ≫ Dugallery Version3.0

Duware ≫ Dugallery Version3.1

Duware ≫ Dugallery Version3.2

Duware ≫ Dugallery Version3.3

Duware ≫ Dunews Version1.0

Duware ≫ Dunews Version1.1

Duware ≫ Dupaypal Version3.0

Duware ≫ Dupaypal Version3.1

Duware ≫ Dupaypal Pro Version3.0

Duware ≫ Dupaypal Pro Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.32%	0.795

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://www.securityfocus.com/bid/15681

https://exchange.xforce.ibmcloud.com/vulnerabilities/30673

http://secunia.com/advisories/23228

Patch

Vendor Advisory

http://securityreason.com/securityalert/1996

http://www.aria-security.com/forum/showthread.php?t=61

Exploit

http://www.securityfocus.com/archive/1/453317/100/0/threaded

http://www.vupen.com/english/advisories/2006/4834

https://nvd.nist.gov/vuln/detail/CVE-2006-6354

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-6354

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-6354

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2006-6354