Vulnerabilities > Gianluca Baldo > Phpauction > 2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-05 | CVE-2006-3984 | Remote File Include vulnerability in PHPAuction PHPAds_Path Variable PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter. | 7.5 |
2002-10-04 | CVE-2002-0995 | Unspecified vulnerability in Gianluca Baldo PHPauction login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table. | 7.5 |