phpbb-auction 1.x auction_room.php ar Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/19179/info PHPBB-Auction is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. These vulnerabilities could permit remote...

CVE-2006-3940

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via 1 the ar parameter in auctionroom.php and 2 the u parameter in auctionstore.php. NOTE: the auctionrating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosu...