Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
DUware DUamazon Pro 多个SQL注入漏洞
Vulnerability Description
DUware DUamazon Pro 3.0和3.1版本中存在多个SQL注入漏洞,远程攻击者可借助:(1)提交到cat.asp的iCat参数,(2)到sub.asp的iSub参数,(3)到detail.asp的iSub参数,(4)到review.asp的iPro参数,(5)到catEdit.asp,(6)catDelete.asp, (7)productEdit.asp,或(8)productDelete.asp的iCat参数,或(9)提交到type.asp的iType参数,来执行任意SQL指令。
CVSS Information
N/A
Vulnerability Type
N/A