3 matches found
CVE-2009-0970
PHP Pro Bid 6.05 contains a remote file inclusion vulnerability in includes/class_image.php that is exploitable when register_globals is enabled. An attacker can supply a URL in the fileExtension parameter to have arbitrary remote PHP code executed. The description comes from CV...
CVE-2009-3336
CVE-2009-3336 describes an SQL injection in auction_details.php of PHP Pro Bid, exploitable via the auction_id parameter to allow remote SQL execution. The vulnerability is confirmed by multiple sources (NVD, CVE list, PRION/CVELIST) with a base score of 7.5 (HIGH). The connected documents do not...
CVE-2008-6043
CVE-2008-6043 describes multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04. Remote attackers can execute arbitrary SQL commands via the order_field and order_type parameters to categories.php (and unspecified other components). The entry notes the details are partially from third-p...