Vulnerabilities > Phpauctions
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-08 | CVE-2008-6663 | SQL Injection vulnerability in PHPauctions: SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106. | 7.5 |
2009-01-09 | CVE-2009-0108 | Permissions, Privileges, and Access Controls vulnerability in PHPauctions NIL: PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. | 7.5 |
2009-01-09 | CVE-2009-0107 | Cross-Site Scripting vulnerability in PHPauctions NIL: Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | 4.3 |
2009-01-09 | CVE-2009-0106 | SQL Injection vulnerability in PHPauctions NIL: SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | 7.5 |
2008-08-06 | CVE-2008-3487 | SQL Injection vulnerability in PHPauctions PHPauction GPL Enhanced 2.51: SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |