CVE-2006-6367

critical

Description

Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30669

http://www.vupen.com/english/advisories/2006/4845

http://secunia.com/advisories/23224

http://marc.info/?l=bugtraq&m=116508632603388&w=2

Details

Source: Mitre, NVD

Published: 2006-12-07

Updated: 2017-07-29

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical