Unrated severityNVD Advisory· Published May 4, 2010· Updated Apr 29, 2026

CVE-2010-1706

Description

Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.

Affected products

2daybiz/Auction Script
cpe:2.3:a:2daybiz:auction_script:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/1004-exploits/2daybizauctionscript-sql.txtnvdExploit
www.exploit-db.com/exploits/12414nvdExploit
www.securityfocus.com/bid/39728nvdExploit
secunia.com/advisories/39621nvdVendor Advisory
www.vupen.com/english/advisories/2010/1015nvdVendor Advisory
osvdb.org/64097nvd
exchange.xforce.ibmcloud.com/vulnerabilities/58188nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000