CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2002-0995

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.032

EPSS Ranking 86.5%

CVSS Severity

CVSS v2 Score 7.5

References

http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
http://www.iss.net/security_center/static/9462.php
http://www.phpauction.org/viewnew.php?id=5
http://www.securityfocus.com/bid/5141
http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
http://www.iss.net/security_center/static/9462.php
http://www.phpauction.org/viewnew.php?id=5
http://www.securityfocus.com/bid/5141

Products affected by CVE-2002-0995

Gianluca Baldo » Phpauction » Version: 1.2

cpe:2.3:a:gianluca_baldo:phpauction:1.2
Gianluca Baldo » Phpauction » Version: 1.3

cpe:2.3:a:gianluca_baldo:phpauction:1.3
Gianluca Baldo » Phpauction » Version: 2.0

cpe:2.3:a:gianluca_baldo:phpauction:2.0
Gianluca Baldo » Phpauction » Version: 2.1

cpe:2.3:a:gianluca_baldo:phpauction:2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2002-0995

Products

Pricing

Contact Us