Unrated severityNVD Advisory· Published Apr 6, 2005· Updated Apr 16, 2026

CVE-2005-1029

Description

Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.

Affected products

Activewebsoftwares/Active Auction House
cpe:2.3:a:active_web_softwares:active_auction_house:7.1:*:pro:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/13032nvdExploitVendor Advisory
www.securityfocus.com/bid/13034nvdExploitVendor Advisory
secunia.com/advisories/14839nvdVendor Advisory
www.securityfocus.com/bid/13035nvdVendor Advisory
www.securitytracker.com/alerts/2005/Apr/1013649.htmlnvdVendor Advisory
digitalparadox.org/advisories/aass.txtnvd
marc.infonvd
www.osvdb.org/15281nvd
www.osvdb.org/15282nvd
www.osvdb.org/15283nvd
exchange.xforce.ibmcloud.com/vulnerabilities/19977nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000