Vulnerabilities > CVE-2005-2046 - Unspecified vulnerability in Duware Duamazon PRO 3.0/3.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description DUware DUamazon Pro 3.0/3.1 catDelete.asp iCat Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform id EDB-ID:25863 last seen 2016-02-03 modified 2005-06-22 published 2005-06-22 reporter Dedi Dwianto source https://www.exploit-db.com/download/25863/ title DUware DUamazon Pro 3.0/3.1 catDelete.asp iCat Parameter SQL Injection description DUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection. CVE-2005-2046. Webapps exploit for php platform id EDB-ID:25860 last seen 2016-02-03 modified 2005-06-22 published 2005-06-22 reporter Dedi Dwianto source https://www.exploit-db.com/download/25860/ title DUware DUamazon Pro 3.0/3.1 type.asp iType Parameter SQL Injection description DUware DUamazon Pro 3.0/3.1 detail.asp iSub Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform id EDB-ID:25865 last seen 2016-02-03 modified 2005-06-22 published 2005-06-22 reporter Dedi Dwianto source https://www.exploit-db.com/download/25865/ title DUware DUamazon Pro 3.0/3.1 detail.asp iSub Parameter SQL Injection description DUware DUamazon Pro 3.0/3.1 review.asp iPro Parameter SQL Injection. CVE-2005-2046. Webapps exploit for asp platform id EDB-ID:25864 last seen 2016-02-03 modified 2005-06-22 published 2005-06-22 reporter Dedi Dwianto source https://www.exploit-db.com/download/25864/ title DUware DUamazon Pro 3.0/3.1 review.asp iPro Parameter SQL Injection
Nessus
NASL family | CGI abuses |
NASL id | DUAMAZON_SQL_INJECTIONS.NASL |
description | The remote host is running DUamazon Pro, an ASP-based storefront from DUware for Amazon affiliates. The installed version of DUamazon Pro fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18565 |
published | 2005-06-28 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18565 |
title | DUamazon Pro Multiple Scripts SQL Injection |
code |
|