Lucene search
K

252 matches found

NVD
NVD
added 2019/04/29 2:29 p.m.23 views

CVE-2019-11592

WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php...

6.1CVSS6.1AI score0.00826EPSS
Exploits1References1
CVE
CVE
added 2019/04/29 1:47 p.m.51 views

CVE-2019-11592

CVE-2019-11592 affects WeBid 1.2.2 and is a reflected XSS vulnerability. The issue is triggered via user-supplied input in the id parameter of admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, and via the offset parameter in admin/edituser.php....

6.1CVSS5.9AI score0.00826EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/04/29 1:47 p.m.22 views

CVE-2019-11592

WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php...

6.1AI score0.00826EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/01/31 12:0 a.m.58 views

WeBid 1.2.2 Cross Site Scripting

Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Information -------------------- Advisory by Netsparker Name: Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Affected Software: WeBid Affected Versions: 1.2.2 Homepage: http://www.webidsupport.com/...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/12/24 12:0 a.m.3 views

WeBid Path Traversal Vulnerability

WeBid is an open source auction site building solutions. A directory traversal vulnerability exists in the getthumb.php file in WeBid 1.2.2 and earlier versions. An attacker can exploit this vulnerability by sending an HTTP GET request to read an arbitrary image file...

7.5CVSS6.8AI score0.02377EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/24 12:0 a.m.2 views

WeBid Cross-Site Scripting Vulnerability

WeBid is an open source auction site building solutions. A cross-site scripting vulnerability exists in the userlogin.php and register.php files in WeBid 1.2.2 and earlier versions. An attacker can exploit this vulnerability to execute Javascript code in a user's browser with the help of a...

6.1CVSS6.4AI score0.0163EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/24 12:0 a.m.3 views

WeBid SQL Injection Vulnerability (CNVD-2019-43415)

WeBid is an open source auction site building solutions. A SQL injection vulnerability exists in the yourauctions.php script in WeBid 1.2.2 and earlier versions. A remote attacker can exploit this vulnerability by sending an HTTP request to read the database...

8.8CVSS7.9AI score0.01461EPSS
Exploits1References1
NVD
NVD
added 2018/12/20 5:29 p.m.19 views

CVE-2018-1000882

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...

7.5CVSS7.5AI score0.02377EPSS
Exploits1References3
OSV
OSV
added 2018/12/20 5:29 p.m.19 views

CVE-2018-1000882

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...

7.5CVSS6.9AI score
Exploits0References3
Prion
Prion
added 2018/12/20 5:29 p.m.16 views

Directory traversal

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...

5CVSS7.5AI score0.02377EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/12/20 5:29 p.m.13 views

Cross site scripting

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

4.3CVSS6.3AI score0.0163EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/12/20 5:29 p.m.14 views

CVE-2018-1000868

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

6.1CVSS6.3AI score0.0163EPSS
Exploits1References3
NVD
NVD
added 2018/12/20 5:29 p.m.12 views

CVE-2018-1000867

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...

8.8CVSS9.1AI score0.01461EPSS
Exploits1References3
OSV
OSV
added 2018/12/20 5:29 p.m.17 views

CVE-2018-1000868

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

6.1CVSS6.3AI score
Exploits0References3
Prion
Prion
added 2018/12/20 5:29 p.m.17 views

Sql injection

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...

6.5CVSS9AI score0.01461EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/12/20 5:29 p.m.17 views

CVE-2018-1000867

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...

8.8CVSS8.1AI score
Exploits0References3
Cvelist
Cvelist
added 2018/12/20 5:0 p.m.23 views

CVE-2018-1000882

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...

7.6AI score0.02377EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/12/20 5:0 p.m.15 views

CVE-2018-1000868

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

6.3AI score0.0163EPSS
Exploits1References3
CVE
CVE
added 2018/12/20 5:0 p.m.41 views

CVE-2018-1000867

Affected software: WeBid (up to current version 1.2.2). Vulnerability: SQL Injection in all five yourauctions*.php scripts, allowing (via HTTP requests) a Blind SQL Injection that can cause database read. Root cause: improper input handling in the listed PHP scripts. Impact: potential data exposu...

8.8CVSS9.1AI score0.01461EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/12/20 5:0 p.m.46 views

CVE-2018-1000882

CVE-2018-1000882 concerns WeBid up to version 1.2.2, where a directory traversal vulnerability exists in the getthumb.php script, allowing Arbitrary Image File Read. The issue is exploitable via HTTP GET requests and is caused by insufficient validation of file paths in getthumb.php. Multiple con...

7.5CVSS7.5AI score0.02377EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder