Phpauction@2.5 Security Vulnerabilities and Issues — Phpauction@2.5 CVE List

Lucene search

Gianluca BaldoPhpauction2.5

4 matches found

CVE•added 2005/07/13 4:0 a.m.•39 views

CVE-2005-2255

Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.

6.4CVSS6.3AI score0.00265EPSS

CVE•added 2005/07/13 4:0 a.m.•35 views

CVE-2005-2252

PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.

7.5CVSS7.2AI score0.00572EPSS

CVE•added 2005/07/13 4:0 a.m.•34 views

CVE-2005-2253

SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description.

7.5CVSS7.5AI score0.00518EPSS

CVE•added 2005/07/13 4:0 a.m.•33 views

CVE-2005-2254

Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php ...

4.3CVSS5.8AI score0.00389EPSS