Vulnerabilities > CVE-2006-6355 - SQL Injection vulnerability in DUClassmate ICity Parameter

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
duware
critical
exploit available
NVD
Published: 2006-12-07
Updated: 2018-10-17

Summary

SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.

Vulnerable Configurations

Part Description Count
Application
Duware
1

Exploit-Db

descriptionDUClassmate 1.x ICity Parameter SQL Injection Vulnerability. CVE-2006-6355. Webapps exploit for asp platform
idEDB-ID:30250
last seen2016-02-03
modified2006-12-02
published2006-12-02
reporterAria-Security Team
sourcehttps://www.exploit-db.com/download/30250/
titleDUClassmate 1.x ICity Parameter SQL Injection Vulnerability

References