VYPR

Webid

by Rsa

Source repositories

CVEs (6)

  • CVE-2008-1470Mar 24, 2008
    risk 0.03cvss epss 0.02

    Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.

  • CVE-2023-47397Nov 8, 2023
    risk 0.00cvss epss 0.01

    WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.

  • CVE-2022-41477Oct 14, 2022
    risk 0.00cvss epss 0.01

    A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.

  • CVE-2019-11592Apr 29, 2019
    risk 0.00cvss epss 0.01

    WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php.

  • CVE-2018-1000882Dec 20, 2018
    risk 0.00cvss epss 0.02

    WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit…

  • CVE-2018-1000867Dec 20, 2018
    risk 0.00cvss epss 0.01

    WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed…