CVE-2005-2049
Published 2005-06-22
Priority: P339
Severity: high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.41% (82.0th percentile)
Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| duware | duclassmate | — | — |
GHSA
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-6355 [HIGH] GHSA-2h52-qv92-fqx2: SQL injection vulnerability in default
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
GHSA
ghsa_unreviewed·2022-05-01
CVE-2005-2049 [HIGH] GHSA-77qf-7v4v-3v74: Multiple SQL injection vulnerabilities in DUware DUclassmate 1
Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.
No detection rules found.
Exploit-DB
exploitdb·2005-06-01
CVE-2005-2049 DUware DUclassmate 1.x - 'default.asp?iState' SQL Injection
---
source: https://www.securityfocus.com/bid/14036/info
DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUclassmate/default.asp?iState=[SQL Inject]&nState=Florida
Exploit-DB
exploitdb·2005-06-01
CVE-2005-2049 DUware DUclassmate 1.x - 'edit.asp?iPro' SQL Injection
---
source: https://www.securityfocus.com/bid/14036/info
DUclassmate is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
http://www.example.com/DUclassmate/admin/edit.asp?iPro=[SQL Inject]
No writeups or analysis indexed.