20 matches found
CVE-2018-1000882
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appears to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed after commit...
CVE-2018-1000868
WeBid version up to current version 1.2.2 contains a Cross-Site Scripting (XSS) vulnerability in userlogin.php and register.php that can result in JavaScript execution in the user's browser and injection of malicious markup into the page. This attack appears to be exploitable via The victim user must clic...
EUVD-2011-5238
Malware in sbrugna...
EUVD-2018-2059
Malware in sbrugna...
EUVD-2014-5012
Malware in sbrugna...
CVE-2024-32166
WeBid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) / Broken Access Control vulnerability, allowing attackers to "buy now" an auction that is suspended (horizontal privilege escalation)...
CVE-2020-23359
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check...
CVE-2014-5114
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter...
CVE-2011-3815
WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files...
CVE-2024-35409
WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php...
CVE-2024-32166
The CVE-2024-32166 issue affects WeBid v1.2.1 and is an Insecure Direct Object Reference (IDOR) leading to Broken Access Control. This allows horizontal privilege escalation—attackers can prematurely complete a purchase on a suspended auction. Root cause and exact vulnerable component are describ...
Code injection
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php...
CVE-2023-47397
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php...
CVE-2022-41477
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...
WeBid SQL Injection Vulnerability (CNVD-2019-43415)
WeBid is an open source solution for building auction sites. A SQL injection vulnerability exists in the yourauctions.php script in WeBid 1.2.2 and earlier versions. A remote attacker can exploit this vulnerability by sending an HTTP request to read the database...
SQL injection
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in all five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appears to be exploitable via HTTP Request. This vulnerability appears to have been fixed after commit...
WeBid SQL Injection Vulnerability
WebID is the serial number of ESET antivirus software that can be obtained automatically. An SQL injection vulnerability exists in WeBid. Because the '$SESSION"id"' talkback variable is not properly filtered, an attacker can exploit the vulnerability to alter raw SQL queries and execute arbitrary...
CVE-2001-1462
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information...