CVE-2005-1235

The CVE concerns phpbb-Auction 1.2m and earlier, where auction_my_auctions.php accepts an invalid mode parameter and, via a PHP error message, leaks the full path. This is a potential information disclosure vulnerability in the PHP code path handling the auction feature. The provided documents do...

CVE-2005-1234

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the 1 u parameter to auctionrating.php or 2 ar parameter to actionoffer.php...

CVE-2005-1235

auctionmyauctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message...

phpBB-Auction Module 1.01.2 - Auction_Offer.php SQL Injection

phpBB-Auction Module 1.01.2 - AuctionOffer.php SQL Injection source: https://www.securityfocus.com/bid/13284/info phpbb-auction module is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...

phpBB-Auction Module 1.01.2 - Auction_Rating.php SQL Injection

phpBB-Auction Module 1.01.2 - AuctionRating.php SQL Injection source: https://www.securityfocus.com/bid/13283/info phpbb-auction module is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...