Vulnerabilities > CVE-2005-2049 - Unspecified vulnerability in Duware Duclassmate 1.2

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
duware
nessus
exploit available
NVD
Published: 2005-06-22
Updated: 2024-11-20

Summary

Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.

Vulnerable Configurations

Part Description Count
Application
Duware
1

Exploit-Db

  • descriptionDUware DUclassmate 1.x default.asp iState Parameter SQL Injection. CVE-2005-2049. Webapps exploit for asp platform
    idEDB-ID:25872
    last seen2016-02-03
    modified2005-06-01
    published2005-06-01
    reporterDedi Dwianto
    sourcehttps://www.exploit-db.com/download/25872/
    titleDUware DUclassmate 1.x default.asp iState Parameter SQL Injection
  • descriptionDUware DUclassmate 1.x edit.asp iPro Parameter SQL Injection. CVE-2005-2049 . Webapps exploit for asp platform
    idEDB-ID:25873
    last seen2016-02-03
    modified2005-06-01
    published2005-06-01
    reporterDedi Dwianto
    sourcehttps://www.exploit-db.com/download/25873/
    titleDUware DUclassmate 1.x edit.asp iPro Parameter SQL Injection

Nessus

NASL familyCGI abuses
NASL idDUCLASSMATE_SQL_INJECTIONS.NASL
descriptionThe remote host is running DUclassmate, a web-based classmates listing and friends search application from DUware and written in ASP. The installed version of DUclassmate fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database.
last seen2020-06-01
modified2020-06-02
plugin id18566
published2005-06-28
reporterThis script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/18566
titleDUclassmate Multiple Scripts SQL Injection

References