Unrated severityNVD Advisory· Published Dec 7, 2006· Updated Apr 23, 2026

CVE-2006-6367

Description

Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.

Affected products

Duware/Dudownload2 versions
cpe:2.3:a:duware:dudownload:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:duware:dudownload:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dudownload:1.1:*:*:*:*:*:*:*
Duware/Dunews2 versions
cpe:2.3:a:duware:dunews:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:duware:dunews:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dunews:1.1:*:*:*:*:*:*:*
Duware/Dupaypal4 versions
cpe:2.3:a:duware:dupaypal:3.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:duware:dupaypal:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dupaypal:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dupaypal:pro_3.0:*:*:*:*:*:*:*
- cpe:2.3:a:duware:dupaypal:pro_3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/21405nvdExploitThird Party AdvisoryVDB Entry
secunia.com/advisories/23224nvdVendor Advisory
marc.infonvdMailing List
www.aria-security.com/forum/showthread.phpnvdBroken Link
www.vupen.com/english/advisories/2006/4845nvdNot Applicable
exchange.xforce.ibmcloud.com/vulnerabilities/30669nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000