DUClassmate 1.x ICity Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24637/info DUClassmate is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

CVE-2006-6355

CVE-2006-6355 describes an SQL injection in DUware DUclassmate (default.asp via the iCity parameter; iState is covered by CVE-2005-2049). The issue arises from inadequate input sanitization, allowing remote attackers to execute arbitrary SQL commands. Connected sources corroborate the vulnerabili...