Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allow remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (3) the password parameter in the login form.
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account.
DUclassmate may allow unauthorized remote attackers to gain access to a computer.
DUclassified is reported prone to multiple SQL injection vulnerabilities.
SQL injection issues also affect DUforum.
DUclassified and DUforum are also reported vulnerable to various unspecified HTML injection vulnerabilities.
http://www.example.com/DUclassified/adDetail.asp?cat_id=1;[SQL INJECT]&sub_id=1;[SQL INJECT]
DUclassified Admin Page user Parameter SQL Injection
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
DUclassified contains a flaw that allows an attacker to inject arbitrary SQL code. The problem is that the "user" parameter in the admin page is not properly validated before it is placed in a database query, which allows an attacker to inject or manipulate SQL statements.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
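Since no vendor fix is listed, the following added example (not DUclassified's code, which is classic ASP; the schema, table and column names here are assumptions for illustration) shows the query-construction pattern behind the password-parameter authentication bypass, the adDetail.asp cat_id/sub_id injection, and the admin-page "user" issue described above, beside the parameterised form that closes each one. It runs against an in-memory SQLite database constructed inline. SQLite's execute() refuses stacked statements, so the payloads below are tautology and comment injections rather than the `;[SQL INJECT]` form in the proof-of-concept URL, which targets a backend that accepts multiple statements in one request.

```python
import sqlite3


def setup_db():
    """Constructed stand-in for the application's database (assumed schema, sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret');
        INSERT INTO users VALUES (2, 'alice', 'hunter2');
        CREATE TABLE ads (ad_id INTEGER PRIMARY KEY, cat_id INTEGER, sub_id INTEGER, title TEXT);
        INSERT INTO ads VALUES (1, 1, 1, 'Bicycle for sale');
        INSERT INTO ads VALUES (2, 1, 2, 'Used laptop');
        INSERT INTO ads VALUES (3, 2, 1, 'Room to rent');
    """)
    return conn


def login_vulnerable(conn, username, password):
    # SQL assembled by string concatenation: both the user and password fields
    # become part of the statement, so quotes in either rewrite the WHERE clause.
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    # Parameterised query: values travel separately from the SQL text and can
    # never change its structure, whatever characters they contain.
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password)).fetchone()
    return row[0] if row else None


def ad_detail_vulnerable(conn, cat_id, sub_id):
    # Numeric parameters dropped straight into the query, the pattern behind
    # adDetail.asp?cat_id=1;[SQL INJECT]&sub_id=1;[SQL INJECT]. No quoting is
    # needed for the attacker because the value is not even inside a string literal.
    sql = "SELECT title FROM ads WHERE cat_id=" + cat_id + " AND sub_id=" + sub_id
    return [r[0] for r in conn.execute(sql)]


def ad_detail_fixed(conn, cat_id, sub_id):
    # Enforce the expected type first (anything that is not an integer is rejected),
    # then bind the converted values as parameters.
    try:
        c, s = int(cat_id), int(sub_id)
    except ValueError:
        return []
    return [r[0] for r in conn.execute(
        "SELECT title FROM ads WHERE cat_id=? AND sub_id=?", (c, s))]


if __name__ == "__main__":
    db = setup_db()
    # Password-parameter bypass: the tautology makes the WHERE clause true for every row.
    print("bypass (vulnerable):", login_vulnerable(db, "nobody", "' OR '1'='1"))
    print("bypass (fixed):     ", login_fixed(db, "nobody", "' OR '1'='1"))
    # Username-parameter bypass: a comment sequence discards the password check.
    print("admin'-- (vulnerable):", login_vulnerable(db, "admin'--", "wrong"))
    # cat_id tautology returns rows from every category instead of one.
    print("cat_id (vulnerable):", ad_detail_vulnerable(db, "1 OR 1=1", "1"))
    print("cat_id (fixed):     ", ad_detail_fixed(db, "1 OR 1=1", "1"))
```

The fixed variants keep the same call shape, which is the point: the remediation is not a blacklist of characters but a change in how the query is built, so the same parameterised form also covers the "user" parameter on the admin page.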