2 matches found
CVE-2005-1234
CVE-2005-1234 : Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the u parameter to auction_rating.php or (2) the ar parameter to action_offer.php. These entries describe the affected product as phpbb-Auction and identify the...
CVE-2005-1235
The CVE concerns phpbb-Auction 1.2m and earlier, where auction_my_auctions.php accepts an invalid mode parameter and, via a PHP error message, leaks the full path. This is a potential information disclosure vulnerability in the PHP code path handling the auction feature. The provided documents do...