Webid
by Rsa
Source repositories
- https://github.com/renlok/webidarchived
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1470 | | | 0.03 | — | 0.02 | | Mar 24, 2008 | Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118. |
| CVE-2023-47397 | | | 0.00 | — | 0.01 | | Nov 8, 2023 | WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. |
| CVE-2022-41477 | | | 0.00 | — | 0.01 | | Oct 14, 2022 | A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. |
| CVE-2019-11592 | | | 0.00 | — | 0.01 | | Apr 29, 2019 | WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php. |
| CVE-2018-1000882 | | | 0.00 | — | 0.02 | | Dec 20, 2018 | WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appears to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit… |
| CVE-2018-1000867 | | | 0.00 | — | 0.01 | | Dec 20, 2018 | WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appears to be exploitable via HTTP Request. This vulnerability appears to have been fixed… |