CVE-2005-2046

DUware DUamazon Pro 3.0-3.1 - SQL Injection via Multiple Parameters

Exploitation Summary

EIP tracks 7 public exploits for CVE-2005-2046. PoCs published by Dedi Dwianto.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in DUamazon Pro, where the 'iType' parameter in 'type.asp' is not properly sanitized. It lacks actual exploit code but outlines the vulnerability and potential impact.

Description

Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp.

Exploits (7)

exploitdb WRITEUP VERIFIED
by Dedi Dwianto · text · webapps · php
https://www.exploit-db.com/exploits/25860

The provided text describes a SQL injection vulnerability in DUamazon Pro, where the 'iType' parameter in 'type.asp' is not properly sanitized. It lacks actual exploit code but outlines the vulnerability and potential impact.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUamazon Pro
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Dedi Dwianto · text · webapps · php
https://www.exploit-db.com/exploits/25862

The provided text describes a SQL injection vulnerability in DUamazon Pro, specifically in the 'productEdit.asp' page. It highlights the lack of input sanitization, which could lead to data compromise or further exploitation of the underlying database.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUamazon Pro
No auth needed
Prerequisites: Access to the vulnerable URL
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Dedi Dwianto · text · webapps · php
https://www.exploit-db.com/exploits/25861

The provided text describes SQL injection vulnerabilities in DUamazon Pro, specifically in the productDelete.asp page via the iPro and iCat parameters. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUamazon Pro (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable admin/productDelete.asp endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Dedi Dwianto · text · webapps · asp
https://www.exploit-db.com/exploits/25867

The provided text describes a SQL injection vulnerability in DUpaypal Pro, where the 'iSub' parameter in the 'sub.asp' page is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUpaypal Pro
No auth needed
Prerequisites: Access to the vulnerable 'sub.asp' page
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Dedi Dwianto · text · webapps · asp
https://www.exploit-db.com/exploits/25864

The provided text describes SQL injection vulnerabilities in DUamazon Pro due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUamazon Pro
No auth needed
Prerequisites: Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Dedi Dwianto · text · webapps · asp
https://www.exploit-db.com/exploits/25865

The provided text describes a SQL injection vulnerability in DUamazon Pro, where user-supplied input is not properly sanitized in the 'detail.asp' page. The example URL demonstrates a potential injection point via the 'iPro' and 'iSub' parameters.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUamazon Pro
No auth needed
Prerequisites: Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Dedi Dwianto · text · webapps · asp
https://www.exploit-db.com/exploits/25863

The provided text describes a SQL injection vulnerability in DUamazon Pro, specifically in the 'catDelete.asp' endpoint via the 'iCat' parameter. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DUamazon Pro
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111945219205114&w=2
Exploit, Vendor Advisory x_refsource_misc
http://echo.or.id/adv/adv19-theday-2005.txt

Scores

EPSS 0.0208
EPSS Percentile 79.1%

Details

Status published
Products (2)
duware/duamazon_pro 3.0
duware/duamazon_pro 3.1
Published Jun 22, 2005
Tracked Since Feb 18, 2026