cbcvebase.
CVE-2005-3976
published 2005-12-03

CVE-2005-3976: SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4)…

PriorityP433high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.21%
64.6th percentile
SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.1, and (8) DUpaypal 3.1 and DUpaypal Pro 3.0, allows remote attackers to execute arbitrary SQL commands via the iType parameter.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
duwareduamazon
duwareduamazon
duwareduarticle
duwareduarticle
duwareduclassified
duwareduclassified
duwareduclassified
duwaredudirectory
duwaredudirectory
duwaredudirectory_pro
duwaredudirectory_pro
duwaredudirectory_pro_sql
duwaredudirectory_pro_sql
duwaredudownload
duwaredudownload
duwaredugallery
duwaredugallery
duwaredugallery
duwaredugallery
duwaredunews
duwaredunews
duwaredupaypal
duwaredupaypal
duwaredupaypal
duwaredupaypal
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.