6 matches found
CVE-2006-2528
CVE-2006-2528 affects phpBazar 2.1.0 and earlier, where a vulnerability in classified_right.php allows remote attackers to execute arbitrary PHP code via a URL supplied to the language_dir parameter (PHP remote file inclusion). The issue is caused by insufficient validation of the language_dir in...
CVE-2009-4221
CVE-2009-4221 affects classified.php in phpBazar 2.1.1fix and earlier, where the catid parameter allows remote SQL injection due to unsanitized input. This enables arbitrary SQL execution as described in the vulnerability text. No explicit remediation details are pr...
CVE-2009-4222
phpBazar 2.1.1fix and earlier is affected by CVE-2009-4222: it does not require administrative authentication for admin/admin.php, allowing remote attackers to access the admin control panel via a direct request. Affected versions are 2.1.1fix and earlier. The Red Hat entry confirms the same desc...
CVE-2010-2315
The CVE-2010-2315 entry describes a PHP remote file inclusion vulnerability in SmartISoft phpBazar 2.1.1, specifically in picturelib.php where an attacker can trigger arbitrary PHP code execution by supplying a URL in the cat parameter. The underlying issue is improper validation/sanitization of th...
CVE-2006-2527
CVE-2006-2527 affects phpBazar 2.1.0 and earlier. The vulnerability in Admin/admin.php allows remote attackers to bypass authentication and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. The description indicates...
CVE-2008-3767
The CVE-2008-3767 entry describes an SQL injection vulnerability in phpBazar 2.0.2, found in classified.php where the adid parameter enables remote arbitrary SQL execution. Root cause is unsafe handling/concatenation of the adid input leading to SQL injection. Affected software: phpBazar 2.0.2, c...