Unrated severityNVD Advisory· Published Dec 7, 2006· Updated Apr 23, 2026
CVE-2006-6354
CVE-2006-6354
Description
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
Affected products
25cpe:2.3:a:duware:duclassified:4.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:duware:duclassified:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:duclassified:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:duware:duclassified:4.2:*:*:*:*:*:*:*
cpe:2.3:a:duware:dudirectory:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:duware:dudirectory:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dudirectory:3.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dudirectory_pro:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:duware:dudirectory_pro:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dudirectory_pro:3.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dudirectory_pro_sql:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:duware:dudirectory_pro_sql:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dudirectory_pro_sql:3.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dudownload:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:duware:dudownload:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dudownload:1.1:*:*:*:*:*:*:*
cpe:2.3:a:duware:dupaypal_pro:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:duware:dupaypal_pro:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dupaypal_pro:3.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- secunia.com/advisories/23228nvdPatchVendor Advisory
- www.aria-security.com/forum/showthread.phpnvdExploit
- securityreason.com/securityalert/1996nvd
- www.securityfocus.com/archive/1/453317/100/0/threadednvd
- www.securityfocus.com/bid/15681nvd
- www.vupen.com/english/advisories/2006/4834nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30673nvd
News mentions
0No linked articles in our index yet.