Lucene search
K
WebidsupportWebid

17 matches found

CVE
CVE
added 2024/05/22 1:59 p.m.82 views

CVE-2024-35409

WeBid 1.1.2 is vulnerable to SQL Injection through the admin/tax.php endpoint. The root cause is a SQL query in admin/tax.php that permits unauthorized access to database information, leading to high impact on confidentiality, integrity, and availability (CVSS 3.1 base score 9.8). The connected P...

9.8CVSS8.4AI score0.0051EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.62 views

CVE-2022-41477

WeBid

9.1CVSS9AI score0.01075EPSS
Web
CVE
CVE
added 2014/07/25 7:0 p.m.58 views

CVE-2014-5101

CVE-2014-5101 affects WeBid 1.1.1 with multiple XSS vulnerabilities (and LDAP injection per some sources). The issues allow remote attackers to inject arbitrary scripts/HTML via parameters in register.php (TPL_name, TPL_nick, TPL_email, TPL_year, TPL_address, TPL_city, TPL_prov, TPL_zip, TPL_phon...

4.3CVSS5.8AI score0.02503EPSS
CVE
CVE
added 2019/04/29 1:47 p.m.51 views

CVE-2019-11592

CVE-2019-11592 affects WeBid 1.2.2 and is a reflected XSS vulnerability. The issue is triggered via user-supplied input in the id parameter of admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, and via the offset parameter in admin/edituser.php....

6.1CVSS5.9AI score0.00826EPSS
Web
CVE
CVE
added 2023/11/08 12:0 a.m.51 views

CVE-2023-47397

CVE-2023-47397 affects WeBid 1.2.2 and earlier, with a code injection vulnerability via admin/categoriestrans.php. The issue is confirmed across multiple feeds (e.g., PT-2023-30442) and is rated CVSS v3.1 9.8 (Critical) with impact to confidentiality, integrity, and availability. Remediation: upg...

9.8CVSS9.5AI score0.00961EPSS
CVE
CVE
added 2024/04/19 12:0 a.m.51 views

CVE-2024-32166

The CVE-2024-32166 issue affects Webid v1.2.1 and is an Insecure Direct Object Reference (IDOR) leading to Broken Access Control. This allows horizontal privilege escalation—attackers can prematurely complete a purchase on a suspended auction. Root cause and exact vulnerable component are describ...

8.8CVSS6.9AI score0.00738EPSS
CVE
CVE
added 2011/10/07 10:0 a.m.50 views

CVE-2010-4873

The CVE-2010-4873 entry concerns WeBid 0.8.5 P1 with a reflected cross-site scripting (XSS) vulnerability in confirm.php, exploitable by supplying a crafted id parameter. The root cause is insufficient input sanitization of user-supplied id, enabling remote attackers to inject arbitrary script/HT...

4.3CVSS5.9AI score0.01776EPSS
CVE
CVE
added 2011/09/24 12:0 a.m.47 views

CVE-2011-3815

WeBid 1.0.0 is affected by an information-disclosure vulnerability: an unauthorized remote user can trigger an error page from certain PHP files (e.g., js/calendar.php) that reveals the installation path. Affects components handling direct PHP requests; underlying cause is improper error handling...

5CVSS6.3AI score0.01914EPSS
CVE
CVE
added 2018/12/20 5:0 p.m.46 views

CVE-2018-1000882

CVE-2018-1000882 concerns WeBid up to version 1.2.2, where a directory traversal vulnerability exists in the getthumb.php script, allowing Arbitrary Image File Read. The issue is exploitable via HTTP GET requests and is caused by insufficient validation of file paths in getthumb.php. Multiple con...

7.5CVSS7.5AI score0.02377EPSS
CVE
CVE
added 2009/08/28 3:0 p.m.45 views

CVE-2008-7117

CVE-2008-7117 affects WeBid 0.5.4: eledicss.php lets remote attackers modify arbitrary CSS files (file parameter set to style.css). This could enable cross-site scripting. No further exploit details are provided in the connected documents; no remediation is specified here.

5CVSS6AI score0.01731EPSS
CVE
CVE
added 2009/08/28 3:0 p.m.45 views

CVE-2008-7118

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, allowing remote attackers to obtain SQL query logs via a direct request for logs/cron.log. No remediation details are provided in the supplied documents; public exploit references exist bu...

5CVSS7AI score0.02445EPSS
CVE
CVE
added 2014/07/29 2:0 p.m.45 views

CVE-2014-5114

WeBid <= 1.1.1 is vulnerable to LDAP injection via the (1) js and (2) cat parameters, allowing remote attackers to exploit the issue (CVE-2014-5114). Multiple sources (NVD, Red Hat advisory, CVE listings, and OpenVAS) confirm this vulnerability in WeBid 1.1.1, with a CVSSv2 base score of 7.5 (...

7.5CVSS7.2AI score0.02096EPSS
CVE
CVE
added 2018/12/20 5:0 p.m.45 views

CVE-2018-1000868

WeBid up to version 1.2.2 is affected by a Cross-Site Scripting (XSS) vulnerability in user_login.php and register.php. The issue allows execution of JavaScript in a user’s browser when a victim user clicks a malicious link, via injected markup on the affected pages. The vulnerability is fixed af...

6.1CVSS6.2AI score0.0163EPSS
CVE
CVE
added 2009/08/28 3:0 p.m.43 views

CVE-2008-7119

CVE-2008-7119 is a SQL injection vulnerability affecting WeBid auction script 0.5.4, in item.php via the id parameter, allowing remote attackers to execute arbitrary SQL commands. The issue is publicly documented in NVD/NVD-derived records and is corroborated by references to exploit code (e.g., ...

7.5CVSS8.7AI score0.00967EPSS
CVE
CVE
added 2021/01/27 3:29 p.m.43 views

CVE-2020-23359

CVE-2020-23359 affects WeBid 1.2.2 (admin/newuser.php) where password rechecking during registration uses a loose comparison, allowing two non-identical passwords to bypass the identicalness check. The issue is caused by non-strict equality logic in the registration flow, enabling potential bypas...

9.8CVSS9.5AI score0.01208EPSS
Web
CVE
CVE
added 2009/08/28 3:0 p.m.40 views

CVE-2008-7116

The vulnerability CVE-2008-7116 affects WeBid auction script 0.5.4 and is an SQL injection in the admin panel (admin/). The underlying issue is injection via the username parameter, allowing remote attackers to execute arbitrary SQL commands. Affected component: admin panel; impact: arbitrary SQL...

7.5CVSS8.6AI score0.00967EPSS
Web
CVE
CVE
added 2018/12/20 5:0 p.m.40 views

CVE-2018-1000867

Affected software: WeBid (up to current version 1.2.2). Vulnerability: SQL Injection in all five yourauctions*.php scripts, allowing (via HTTP requests) a Blind SQL Injection that can cause database read. Root cause: improper input handling in the listed PHP scripts. Impact: potential data exposu...

8.8CVSS9.1AI score0.01461EPSS