CVE-2005-3976

Name of the Vulnerable Software and Affected Versions DUamazon version 3.1 DUarticle version 1.1 DUclassified version 4.2 DUdirectory versions 3.0 through 3.1 DUdownload version 1.1 DUgallery version 3.3 DUnews version 1.1 DUpaypal versions 3.0 through 3.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the iType parameter in the type.asp file.

Recommendations For DUamazon version 3.1, avoid using the iType parameter in the type.asp file until the issue is resolved. For DUarticle version 1.1, restrict access to the type.asp file to minimize the risk of exploitation. For DUclassified version 4.2, consider disabling the type.asp file until a patch is available. For DUdirectory versions 3.0 through 3.1, restrict the use of the iType parameter in the type.asp file. For DUdownload version 1.1, avoid using the type.asp file until the issue is resolved. For DUgallery version 3.3, consider temporarily removing the type.asp file. For DUnews version 1.1, restrict access to the type.asp file. For DUpaypal versions 3.0 through 3.1, avoid using the iType parameter in the type.asp file until the issue is resolved.