Vulnerabilities > Phpauctions

DATE | CVE | VULNERABILITY TITLE | RISK

2009-04-08 | CVE-2008-6663 | SQL Injection vulnerability in PHPauctions | 7.5
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.
network | low complexity | phpauctions | CWE-89

2009-01-09 | CVE-2009-0108 | Permissions, Privileges, and Access Controls vulnerability in PHPauctions NIL | 7.5
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
network | low complexity | phpauctions | CWE-264

2009-01-09 | CVE-2009-0107 | Cross-Site Scripting vulnerability in PHPauctions NIL | 4.3
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

2009-01-09 | CVE-2009-0106 | SQL Injection vulnerability in PHPauctions NIL | 7.5
SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
network | low complexity | phpauctions | CWE-89

2008-08-06 | CVE-2008-3487 | SQL Injection vulnerability in PHPauctions PHPauction GPL Enhanced 2.51 | 7.5
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | phpauctions | CWE-89