Phpauction Security Vulnerabilities and Issues — Phpauction CVE List

Lucene search

Gianluca BaldoPhpauction

4 matches found

CVE•added 2003/04/02 5:0 a.m.•138 views

CVE-2002-0995

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.

7.5CVSS7.3AI score0.07134EPSS

CVE•added 2006/08/05 12:4 a.m.•117 views

CVE-2006-3984

PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.

7.5CVSS7.5AI score0.12825EPSS

Web

CVE•added 2005/07/13 4:0 a.m.•36 views

CVE-2005-2252

PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.

7.5CVSS7.2AI score0.00572EPSS

CVE•added 2005/07/13 4:0 a.m.•35 views

CVE-2005-2253

SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description.

7.5CVSS7.5AI score0.00518EPSS