6 matches found
CVE-2008-0776
CVE-2008-0776 concerns SQL injection in iTechBids Gold 6.0’s detail.php via the item_id parameter. The vulnerability enables remote attackers to alter or disclose database data by crafting input that is not properly sanitized. The affected component is the detail.php script; the root cause is improper ha...
CVE-2008-4872
The CVE-2008-4872 entry describes a cross-site scripting (XSS) vulnerability in the iTechBids Gold 5.0 product, specifically in the bidhistory.php script, where an attacker can inject arbitrary web script or HTML through the item_id parameter. The affected component is the bidhistory.php code pat...
CVE-2009-3968
CVE-2009-3968 describes multiple SQL injection vulnerabilities in ITechBids 8.0. The issues allow remote attackers to execute arbitrary SQL commands via (1) user_id in feedback.php, (2) cate_id in category.php, (3) id in news.php, and (4) productid in itechd.php. The note mentions that vectors in...
CVE-2008-0692
CVE-2008-0692 describes an SQL injection in the file bidhistory.php of iTechBids 3 Gold and 5.0, allowing remote attackers to execute arbitrary SQL via the item_id parameter. The NVD entry lists a base score of 7.5 (HIGH) with network access, low attack complexity, and no authentication required,...
CVE-2008-3238
CVE-2008-3238: Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) seller_id in sellers_othersitem.php, (2) productid in classifieds.php, and (3) id in shop.php. The connected records also reference ITechBids 8.0 vectors, ...
CVE-2008-3237
CVE-2008-3237 is a reported XSS vulnerability affecting ITechBids 7.0 Gold. The flaw occurs in forward_to_friend.php, where the productid parameter can be exploited to inject arbitrary web script or HTML. This impacts users who can be targeted via crafted input sent to the affected endpoint, pote...