Vulnerabilities > CVE-2005-2049 - SQL Injection vulnerability in Duware Duclassmate 1.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
duware
nessus
exploit available
NVD
Published: 2005-06-22
Updated: 2016-10-18

Summary

Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.

Vulnerable Configurations

Part Description Count
Application
Duware
1

Exploit-Db

  • descriptionDUware DUclassmate 1.x default.asp iState Parameter SQL Injection. CVE-2005-2049. Webapps exploit for asp platform
    idEDB-ID:25872
    last seen2016-02-03
    modified2005-06-01
    published2005-06-01
    reporterDedi Dwianto
    sourcehttps://www.exploit-db.com/download/25872/
    titleDUware DUclassmate 1.x default.asp iState Parameter SQL Injection
  • descriptionDUware DUclassmate 1.x edit.asp iPro Parameter SQL Injection. CVE-2005-2049 . Webapps exploit for asp platform
    idEDB-ID:25873
    last seen2016-02-03
    modified2005-06-01
    published2005-06-01
    reporterDedi Dwianto
    sourcehttps://www.exploit-db.com/download/25873/
    titleDUware DUclassmate 1.x edit.asp iPro Parameter SQL Injection

Nessus

NASL familyCGI abuses
NASL idDUCLASSMATE_SQL_INJECTIONS.NASL
descriptionThe remote host is running DUclassmate, a web-based classmates listing and friends search application from DUware and written in ASP. The installed version of DUclassmate fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries, possibly disclosing sensitive data and launching attacks against the underlying database.
last seen2020-06-01
modified2020-06-02
plugin id18566
published2005-06-28
reporterThis script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/18566
titleDUclassmate Multiple Scripts SQL Injection

References