2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the idauk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; th...
CVE-2010-1855
CVE-2010-1855 is a SQL injection vulnerability in the Pay Per Watch & Bid Auktions System, specifically in auktion.php where the id_auk parameter can be manipulated to execute arbitrary SQL commands. The vulnerability is documented in the NVD entry for CVE-2010-1855 and is corroborated by multipl...