Lucene search
K
Gianluca BaldoPhpauction

6 matches found

CVE
CVE
added 2003/04/02 5:0 a.m.152 views

CVE-2002-0995

PHPAuction's login.php is vulnerable: a direct call with action=insert allows remote attackers to add a username to the adminUsers table, effectively gaining privileges. The CVE entry documents this privilege escalation and labels it high severity (CVSS v2 base score 7.5). The provided sources co...

7.5CVSS7.3AI score0.0282EPSS
CVE
CVE
added 2006/08/05 12:0 a.m.129 views

CVE-2006-3984

PHPAuction/Albasoftware Phpauction is affected by CVE-2006-3984. The PHP remote file inclusion vulnerability exists in phpAdsNew/view.inc.php (and phpAdsNew 2.0.5) that allows remote attackers to execute arbitrary PHP code via a URL provided to the phpAds_path parameter. The affected software ver...

7.5CVSS7.5AI score0.03188EPSS
Web
CVE
CVE
added 2005/07/13 4:0 a.m.51 views

CVE-2005-2255

CVE-2005-2255 describes a directory traversal in PhpAuction 2.5 where an attacker can manipulate the lan parameter in index.php or admin/index.php to read arbitrary files, include local PHP files, or glean sensitive path information. The root cause is improper validation of the lan parameter allo...

6.4CVSS6.3AI score0.01507EPSS
Web
CVE
CVE
added 2005/07/13 4:0 a.m.45 views

CVE-2005-2253

CVE-2005-2253 is a SQL injection in PhpAuction 2.5, where an attacker can modify SQL queries through the category parameter in adsearch.php. Root cause: unsanitized input used in database queries. Affected: PhpAuction 2.5. Impact: as described by CVE/NVD (base score 7.5, HIGH). Exploitation detai...

7.5CVSS7.5AI score0.0121EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.43 views

CVE-2005-2252

Summary (CVE-2005-2252): PhpAuction 2.5 is affected by an authentication bypass vulnerability where an attacker can set the PHPAUCTION_RM_ID cookie to a target user’s ID to gain privileges as that user. The Nessus plugin PHPAUCTION_MULT_VULNS.NASL documents this issue among others (e.g., RCE, SQL...

7.5CVSS7.2AI score0.01407EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.41 views

CVE-2005-2254

The connected NASL/Nessus entry confirms CVE-2005-2254 affects Phpauction

4.3CVSS5.8AI score0.00992EPSS
Web