CVE-2006-6354
CVE-2006-6354 and related CVEs describe multiple SQL injection vulnerabilities in DuWare DUNews (and DUNews-family) detail.asp, allowing remote attackers to inject SQL via the (1) iNews, (2) iType, or (3) Action parameters. The iType parameter in type.asp is already covered by CVE-2005-3976. The ...