CVE-2005-2049

DUware DUclassmate 1.2 - SQL Injection via iState or iPro Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2049. PoCs published by Dedi Dwianto.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in DUclassmate, specifically in the 'admin/edit.asp' endpoint via the 'iPro' parameter. It lacks executable exploit code but outlines the vulnerability and potential impact.

Description

Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Dedi Dwianto · textwebappsasp

https://www.exploit-db.com/exploits/25873

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in DUclassmate, specifically in the 'admin/edit.asp' endpoint via the 'iPro' parameter. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: DUclassmate (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Dedi Dwianto · textwebappsasp

https://www.exploit-db.com/exploits/25872

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in DUclassmate, where the 'iState' parameter in the URL is not properly sanitized. This allows attackers to inject malicious SQL queries, potentially compromising the application or underlying database.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: DUclassmate (version not specified)

No auth needed

Prerequisites: Access to the vulnerable URL endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111945219205114&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/14036

Exploit, Vendor Advisory x_refsource_misc

http://echo.or.id/adv/adv19-theday-2005.txt

Scores

EPSS 0.0241

EPSS Percentile 82.0%

Details

Status published

Products (1)

duware/duclassmate 1.2

Published Jun 22, 2005

Tracked Since Feb 18, 2026