CVE-2005-3976 Information

Description

SQL injection vulnerability in type.asp as used in multiple DUware products including (1) DUamazon 3.1 (2) DUarticle 1.1 (3) DUclassified 4.2 (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL (5) DUdownload 1.1 (6) DUgallery 3.3 (7) DUnews 1.1 and (8) DUpaypal 3.1 and DUpaypal Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter.

Reference

http://secunia.com/advisories/17835 http://www.osvdb.org/21385 http://www.securityfocus.com/bid/15681 http://www.vupen.com/english/advisories/2005/2700 https://exchange.xforce.ibmcloud.com/vulnerabilities/30673