7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.5 High
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.1%
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.
CPE | Name | Operator | Version |
---|---|---|---|
active_web_softwares:active_auction_house | active web softwares active auction house | eq | 7.1 |
digitalparadox.org/advisories/aass.txt
marc.info/?l=bugtraq&m=111280834000432&w=2
secunia.com/advisories/14839
www.osvdb.org/15281
www.osvdb.org/15282
www.osvdb.org/15283
www.securityfocus.com/bid/13032
www.securityfocus.com/bid/13034
www.securityfocus.com/bid/13035
www.securitytracker.com/alerts/2005/Apr/1013649.html
exchange.xforce.ibmcloud.com/vulnerabilities/19977