cbcvebase.
CVE-2006-6354
published 2006-12-07

CVE-2006-6354: Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or…

PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.62%
73.1th percentile
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.

Affected

25 ranges
VendorProductVersion rangeFixed in
duwareduamazon
duwareduamazon
duwareduarticle
duwareduarticle
duwareduclassified
duwareduclassified
duwareduclassified
duwaredudirectory
duwaredudirectory
duwaredudirectory_pro
duwaredudirectory_pro
duwaredudirectory_pro_sql
duwaredudirectory_pro_sql
duwaredudownload
duwaredudownload
duwaredugallery
duwaredugallery
duwaredugallery
duwaredugallery
duwaredunews
duwaredunews
duwaredupaypal
duwaredupaypal
duwaredupaypal_pro
duwaredupaypal_pro
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.