6 matches found
CVE-2002-0995
PHPAuction's login.php is vulnerable: a direct call with action=insert allows remote attackers to add a username to the adminUsers table, effectively gaining privileges. The CVE entry documents this privilege escalation and labels it high severity (CVSS v2 base score 7.5). The provided sources co...
CVE-2006-3984
PHPAuction/Albasoftware Phpauction is affected by CVE-2006-3984. The PHP remote file inclusion vulnerability exists in phpAdsNew/view.inc.php (and phpAdsNew 2.0.5) that allows remote attackers to execute arbitrary PHP code via a URL provided to the phpAds_path parameter. The affected software ver...
CVE-2005-2255
CVE-2005-2255 describes a directory traversal in PhpAuction 2.5 where an attacker can manipulate the lan parameter in index.php or admin/index.php to read arbitrary files, include local PHP files, or glean sensitive path information. The root cause is improper validation of the lan parameter allo...
CVE-2005-2253
CVE-2005-2253 is a SQL injection in PhpAuction 2.5, where an attacker can modify SQL queries through the category parameter in adsearch.php. Root cause: unsanitized input used in database queries. Affected: PhpAuction 2.5. Impact: as described by CVE/NVD (base score 7.5, HIGH). Exploitation detai...
CVE-2005-2252
Summary (CVE-2005-2252): PhpAuction 2.5 is affected by an authentication bypass vulnerability where an attacker can set the PHPAUCTION_RM_ID cookie to a target user’s ID to gain privileges as that user. The Nessus plugin PHPAUCTION_MULT_VULNS.NASL documents this issue among others (e.g., RCE, SQL...
CVE-2005-2254
The connected NASL/Nessus entry confirms CVE-2005-2254 affects Phpauction