CVE-2005-2046 Information

Description

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp (2) iSub parameter to sub.asp (3) iSub parameter to detail.asp (4) iPro parameter to review.asp iCat parameter to (5) catEdit.asp (6) catDelete.asp (7) productEdit.asp or (8) productDelete.asp or (9) iType parameter to type.asp.

Reference

http://echo.or.id/adv/adv19-theday-2005.txt http://marc.info/?l=bugtraq&m=111945219205114&w=2