CVE-2006-6354 Information

Feb 14, 2021 cve

Description

Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews (2) iType or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.

Reference

http://secunia.com/advisories/23228 http://securityreason.com/securityalert/1996 http://www.aria-security.com/forum/showthread.php?t=61 http://www.securityfocus.com/archive/1/453317/100/0/threaded http://www.securityfocus.com/bid/15681 http://www.vupen.com/english/advisories/2006/4834 https://exchange.xforce.ibmcloud.com/vulnerabilities/30673

Share on: