CVEDB API

Vulnerabilities

Vulnerable Software

Phpauctions: Security Vulnerabilities

CVE-2008-6663

SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.

CVSS Score

7.5

EPSS Score

0.001

Published

2009-04-08

CVE-2009-0106

SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVSS Score

7.5

EPSS Score

0.002

Published

2009-01-09

CVE-2009-0107

Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

CVSS Score

4.3

EPSS Score

0.013

Published

2009-01-09

CVE-2009-0108

PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.

CVSS Score

7.5

EPSS Score

0.026

Published

2009-01-09

CVE-2008-3487

SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS Score

7.5

EPSS Score

0.002

Published

2008-08-06

Page 1

Vulnerabilities

Vulnerable Software

Phpauctions: Security Vulnerabilities

Products

Pricing

Contact Us