CVE-2008-6663

2009-04-0810:00:00

mitre

www.cve.org

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.6%

JSON

SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.

References

www.securityfocus.com/bid/29856

exchange.xforce.ibmcloud.com/vulnerabilities/43264

exchange.xforce.ibmcloud.com/vulnerabilities/50472

www.exploit-db.com/exploits/5879