CVE-2006-2245

Summary of CVE-2006-2245 (CVE List: CVE-2006-2245) : Affected software is the Auction mod for phpBB (Auction mod 1.3m). The vulnerability resides in the file auction/auction_common.php, enabling a PHP remote file inclusion when an attacker supplies a URL in the phpbb_root_path parameter. This all...

CVE-2005-1234

CVE-2005-1234 : Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the u parameter to auction_rating.php or (2) the ar parameter to action_offer.php. These entries describe the affected product as phpbb-Auction and identify the...

CVE-2006-3940

CVE-2006-3940 concerns multiple SQL injection vulnerabilities in the phpbb-Auction package. The affected components, as described in the provided documents, allow remote attackers to execute arbitrary SQL commands via the following parameters: (1) ar in auction_room.php and (2) u in auction_store...

CVE-2005-1235

The CVE concerns phpbb-Auction 1.2m and earlier, where auction_my_auctions.php accepts an invalid mode parameter and, via a PHP error message, leaks the full path. This is a potential information disclosure vulnerability in the PHP code path handling the auction feature. The provided documents do...