Vulnerability Details CVE-2005-3937
SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.html
- http://secunia.com/advisories/17808
- http://www.osvdb.org/21252
- http://www.osvdb.org/21253
- http://www.osvdb.org/21254
- http://www.osvdb.org/21255
- http://www.securityfocus.com/bid/15652
- http://pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.html
- http://secunia.com/advisories/17808
- http://www.osvdb.org/21252
- http://www.osvdb.org/21253
- http://www.osvdb.org/21254
- http://www.osvdb.org/21255
- http://www.securityfocus.com/bid/15652
Products affected by CVE-2005-3937
-
cpe:2.3:a:softbiz:b2b_trading_marketplace_script:*