CVE-2006-6367 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Duware	Dudownload Dunews Dupaypal

Configuration 1 [-]

OR	cpe:2.3:a:duware:dudownload:1.0:::::::*
	cpe:2.3:a:duware:dudownload:1.1:::::::*
	cpe:2.3:a:duware:dunews:1.0:::::::*
	cpe:2.3:a:duware:dunews:1.1:::::::*
	cpe:2.3:a:duware:dupaypal:3.0:::::::*
	cpe:2.3:a:duware:dupaypal:3.1:::::::*
	cpe:2.3:a:duware:dupaypal:pro_3.0:::::::*
	cpe:2.3:a:duware:dupaypal:pro_3.1:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=116508632603388&w=2
http://secunia.com/advisories/23224
http://www.aria-security.com/forum/showthread.php?t=60
http://www.securityfocus.com/bid/21405
http://www.vupen.com/english/advisories/2006/4845
https://exchange.xforce.ibmcloud.com/vulnerabilities/30669

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-07T11:00:00

Updated: 2024-08-07T20:26:46.058Z

Reserved: 2006-12-06T00:00:00

Link: CVE-2006-6367

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-07T11:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-6367

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-12-02T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21405", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21405"}, {"name": "23224", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23224"}, {"name": "dudownload-type-sql-injection(30669)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30669"}, {"name": "ADV-2006-4845", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4845"}, {"tags": ["x_refsource_MISC"], "url": "http://www.aria-security.com/forum/showthread.php?t=60"}, {"name": "20061202 [Aria-Security Team] DuWare DuDownloads SQL Injection Vuln", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=116508632603388&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6367", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21405", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21405"}, {"name": "23224", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23224"}, {"name": "dudownload-type-sql-injection(30669)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30669"}, {"name": "ADV-2006-4845", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4845"}, {"name": "http://www.aria-security.com/forum/showthread.php?t=60", "refsource": "MISC", "url": "http://www.aria-security.com/forum/showthread.php?t=60"}, {"name": "20061202 [Aria-Security Team] DuWare DuDownloads SQL Injection Vuln", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=116508632603388&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.058Z"}, "title": "CVE Program Container", "references": [{"name": "21405", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21405"}, {"name": "23224", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23224"}, {"name": "dudownload-type-sql-injection(30669)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30669"}, {"name": "ADV-2006-4845", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4845"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.aria-security.com/forum/showthread.php?t=60"}, {"name": "20061202 [Aria-Security Team] DuWare DuDownloads SQL Injection Vuln", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=116508632603388&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6367", "datePublished": "2006-12-07T11:00:00", "dateReserved": "2006-12-06T00:00:00", "dateUpdated": "2024-08-07T20:26:46.058Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:duware:dudownload:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "563FBC8D-1F76-469D-9EBA-0F72C7031F76", "vulnerable": true}, {"criteria": "cpe:2.3:a:duware:dudownload:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D01D83B-E504-417B-A9D5-38CF615B8BAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:duware:dunews:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F183985-8F71-4E78-86E8-48B962A1EB67", "vulnerable": true}, {"criteria": "cpe:2.3:a:duware:dunews:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F62C8A9-7F36-474B-90E6-3B575BC99E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:duware:dupaypal:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE893D34-DC7F-40FA-9197-E8B627B70EB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:duware:dupaypal:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1A3906D-2606-4E5A-9AB3-00609152376E", "vulnerable": true}, {"criteria": "cpe:2.3:a:duware:dupaypal:pro_3.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA64329B-13DE-42A0-9DC9-F77CAE0ED60A", "vulnerable": true}, {"criteria": "cpe:2.3:a:duware:dupaypal:pro_3.1:*:*:*:*:*:*:*", "matchCriteriaId": "194ABFD6-913D-4F5A-A5A8-B160B77BD19E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en detail.asp de DUware DUdownload 1.1, y posiblemente anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante los par\u00e1metros (1) iFile o (2) action. NOTA: el par\u00e1metro iType ya est\u00e1 cubierto por CVE-2005-3976."}], "id": "CVE-2006-6367", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-07T11:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=116508632603388&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23224"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.aria-security.com/forum/showthread.php?t=60"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21405"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://www.vupen.com/english/advisories/2006/4845"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=116508632603388&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.aria-security.com/forum/showthread.php?t=60"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/21405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://www.vupen.com/english/advisories/2006/4845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30669"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}