Vulnerability Description
Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Duware | Duamazon Pro | 3.0 |
References
- http://echo.or.id/adv/adv19-theday-2005.txtExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=111945219205114&w=2
- http://echo.or.id/adv/adv19-theday-2005.txtExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=111945219205114&w=2
FAQ
What is CVE-2005-2046?
CVE-2005-2046 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp,...
How severe is CVE-2005-2046?
CVE-2005-2046 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2046?
Check the references section above for vendor advisories and patch information. Affected products include: Duware Duamazon Pro.