Webid Security Vulnerabilities and Issues — Webid CVE List

Lucene search

WebidsupportWebid

4 matches found

CVE•added 2009/08/28 3:30 p.m.•34 views

CVE-2008-7117

eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.

5CVSS6AI score0.01192EPSS

CVE•added 2009/08/28 3:30 p.m.•33 views

CVE-2008-7118

WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.

5CVSS7AI score0.02152EPSS

CVE•added 2009/08/28 3:30 p.m.•32 views

CVE-2008-7119

SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8.7AI score0.00347EPSS

CVE•added 2009/08/28 3:30 p.m.•30 views

CVE-2008-7116

SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.

7.5CVSS8.6AI score0.00347EPSS