2 matches found
CVE-2010-1855
CVE-2010-1855 is a SQL injection vulnerability in the Pay Per Watch & Bid Auktions System, specifically in auktion.php where the id_auk parameter can be manipulated to execute arbitrary SQL commands. The vulnerability is documented in the NVD entry for CVE-2010-1855 and is corroborated by multipl...
CVE-2010-1854
CVE-2010-1854 concerns an XSS in auktion.php of Pay Per Watch & Bid Auktions System, exploitable through the id_auk parameter, where an injected script/HTML appears in a forced SQL error message. Related records (NVD/Red Hat) confirm this vulnerability and its association to CVE-2010-1855 (SQL in...