7 matches found
CVE-2008-5212
CVE-2008-5212 describes an SQL injection in AJ Auction 6.2.1 and earlier, via the item_id parameter in classifide_ad.php. The vulnerability allows remote attackers to execute arbitrary SQL commands. The NVD metrics list a base score of 7.5 (HIGH) with network attack vector, low complexity, no aut...
CVE-2008-6966
The CVE-2008-6966 entry concerns AJ Square AJ Auction Pro Platinum Skin #1, where a redirect is not exited when accessed directly, enabling a remote attacker to bypass authentication via a direct request to admin/user.php. The issue is tied to improper flow control after a redirect, allowing an a...
CVE-2008-6003
CVE-2008-6003 is an SQL injection vulnerability in AJ Auction Pro Platinum 2’s sellers_othersitem.php, exploitable via the seller_id parameter to allow remote attackers to execute arbitrary SQL commands. The NVD entry lists this as a NETWORK attack with HIGH impact on confidentiality and integrit...
CVE-2008-6004
CVE-2008-6004 is a Cross-site scripting (XSS) vulnerability affecting AJ Auction Pro Platinum 2, specifically in search.php via the product parameter. The NVD entry describes an attacker injecting arbitrary script/HTML, with a CVSSv2 base score of 4.3 (Medium) and vector: AV:N/AC:M/Au:N/C:N/I:P/A...
CVE-2008-6965
CVE-2008-6965 affects AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0. The issue is that a redirect is issued but the script does not exit when certain admin script files (site.php, auction.php, mail.php, fee_setting.php, earnings.php, insertion_fee_settings.php...
CVE-2008-2860
CVE-2008-2860 affects AJSquare AJ Auction Pro web 2.0. The vulnerability is in category.php and allows SQL injection via the cate_id parameter, enabling remote attackers to execute arbitrary SQL commands. The CVSS data from NVD indicates a network-accessible, low-complexity, no-authentication vul...
CVE-2008-6414
CVE-2008-6414 describes a SQL injection in the file detail.php of AJ Auction Pro Platinum Skin 2, exploitable via the item_id parameter. The underlying issue is improper handling of user-supplied input in a query, allowing remote attackers to craft and execute arbitrary SQL commands. The vulnerab...