3 matches found
CVE-2006-6355
CVE-2006-6355 describes an SQL injection in DUware DUclassmate (default.asp via the iCity parameter; iState is covered by CVE-2005-2049). The issue arises from inadequate input sanitization, allowing remote attackers to execute arbitrary SQL commands. Connected sources corroborate the vulnerabili...
CVE-2005-2049
CVE-2005-2049 affects DUware DUclassmate 1.2. The vulnerability is an SQL injection in the ASP web app, where unsanitized input from (1) the iState parameter to default.asp and (2) the iPro parameter to edit.asp is used in SQL queries. This allows remote attackers to execute arbitrary SQL commands and potentially access/modif...
CVE-2004-2198
The CVE-2004-2198 entry relates to DUware DUclassmate 1.0–1.1, where an attacker can remotely change arbitrary user passwords by tampering with the MM_recordId parameter on the My Account page. The connected data also note related issues in DUware products (e.g., DUclassmate, DUclassified, DUforu...