252 matches found
CVE-2019-11592
WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php...
CVE-2019-11592
CVE-2019-11592 affects WeBid 1.2.2 and is a reflected XSS vulnerability. The issue is triggered via user-supplied input in the id parameter of admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, and via the offset parameter in admin/edituser.php....
CVE-2019-11592
WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php...
WeBid 1.2.2 Cross Site Scripting
Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Information -------------------- Advisory by Netsparker Name: Multiple Reflected Cross-site Scripting Vulnerabilities in WeBid 1.2.2 Affected Software: WeBid Affected Versions: 1.2.2 Homepage: http://www.webidsupport.com/...
WeBid Path Traversal Vulnerability
WeBid is an open source auction site building solutions. A directory traversal vulnerability exists in the getthumb.php file in WeBid 1.2.2 and earlier versions. An attacker can exploit this vulnerability by sending an HTTP GET request to read an arbitrary image file...
WeBid Cross-Site Scripting Vulnerability
WeBid is an open source auction site building solutions. A cross-site scripting vulnerability exists in the userlogin.php and register.php files in WeBid 1.2.2 and earlier versions. An attacker can exploit this vulnerability to execute Javascript code in a user's browser with the help of a...
WeBid SQL Injection Vulnerability (CNVD-2019-43415)
WeBid is an open source auction site building solutions. A SQL injection vulnerability exists in the yourauctions.php script in WeBid 1.2.2 and earlier versions. A remote attacker can exploit this vulnerability by sending an HTTP request to read the database...
CVE-2018-1000882
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...
CVE-2018-1000882
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...
Directory traversal
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...
Cross site scripting
WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...
CVE-2018-1000868
WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...
CVE-2018-1000867
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...
CVE-2018-1000868
WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...
Sql injection
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...
CVE-2018-1000867
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...
CVE-2018-1000882
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...
CVE-2018-1000868
WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...
CVE-2018-1000867
Affected software: WeBid (up to current version 1.2.2). Vulnerability: SQL Injection in all five yourauctions*.php scripts, allowing (via HTTP requests) a Blind SQL Injection that can cause database read. Root cause: improper input handling in the listed PHP scripts. Impact: potential data exposu...
CVE-2018-1000882
CVE-2018-1000882 concerns WeBid up to version 1.2.2, where a directory traversal vulnerability exists in the getthumb.php script, allowing Arbitrary Image File Read. The issue is exploitable via HTTP GET requests and is caused by insufficient validation of file paths in getthumb.php. Multiple con...