Vulnerabilities > Itechscripts > Itechbids

DATE CVE VULNERABILITY TITLE RISK
2009-11-18 CVE-2009-3968 SQL Injection vulnerability in Itechscripts Itechbids 8.0
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php.
network
low complexity
itechscripts CWE-89
7.5
7.5
2008-11-01 CVE-2008-4872 Cross-Site Scripting vulnerability in Itechscripts Itechbids 5.0
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. 		4.3
4.3
2008-07-21 CVE-2008-3238 SQL Injection vulnerability in Itechscripts Itechbids 7.0
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.
network
low complexity
itechscripts CWE-89
7.5
7.5
2008-07-21 CVE-2008-3237 Cross-Site Scripting vulnerability in Itechscripts Itechbids 7.0
Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter. 		4.3
4.3
2008-02-14 CVE-2008-0776 SQL Injection vulnerability in Itechscripts Itechbids 6.0
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
network
low complexity
itechscripts CWE-89
7.5
7.5
2008-02-12 CVE-2008-0692 SQL Injection vulnerability in Itechscripts Itechbids 3Gold/5.0
SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
network
low complexity
itechscripts CWE-89
7.5
7.5