VYPR

Phpauction

by Phpauction

CVEs (14)

  • CVE-2008-1416 | Mar 20, 2008
    risk 0.06 | cvss | epss 0.35

    Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.

  • CVE-2010-4860 | Oct 5, 2011
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-7000 | Aug 19, 2009
    risk 0.03 | cvss | epss 0.02

    PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.

  • CVE-2008-2900 | Jun 27, 2008
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2006-3984 | Aug 5, 2006
    risk 0.03 | cvss | epss 0.03

    PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.

  • CVE-2006-3940 | Jul 31, 2006
    risk 0.03 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. …

  • CVE-2002-0995 | Oct 4, 2002
    risk 0.03 | cvss | epss 0.03

    login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.

  • CVE-2008-6999 | Aug 19, 2009
    risk 0.00 | cvss | epss 0.01

    phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

  • CVE-2005-2252 | Jul 13, 2005
    risk 0.00 | cvss | epss 0.01

    PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.

  • CVE-2005-2254 | Jul 13, 2005
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that…

  • CVE-2005-2255 | Jul 13, 2005
    risk 0.00 | cvss | epss 0.02

    Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.

  • CVE-2005-2253 | Jul 13, 2005
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description.

  • CVE-2005-1235 | May 2, 2005
    risk 0.00 | cvss | epss 0.02

    auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message.

  • CVE-2005-1234 | May 2, 2005
    risk 0.00 | cvss | epss 0.02

    Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php.