phpauction vulnerabilities and exploits
CVSSv2: 5
CVE-2008-6999
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote malicious users to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
Phpauction Phpauction 3.2
Phpauction Phpauction 3.3.0
CVSSv2: 7.5
CVE-2008-2900
SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpauction Phpauction 3.2
1 EDB exploit
CVSSv2: 7.5
CVE-2008-7000
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote malicious users to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
Phpauction Phpauction 3.2
1 EDB exploit
CVSSv2: 7.5
CVE-2002-0995
login.php for PHPAuction allows remote malicious users to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
Gianluca Baldo Phpauction 1.2
Gianluca Baldo Phpauction 1.3
Gianluca Baldo Phpauction 2.0
Gianluca Baldo Phpauction 2.1
1 EDB exploit
CVSSv2: 6.8
CVE-2008-1416
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.
Phpauction Phpauction Gpl 2.51
1 EDB exploit
CVSSv2: 7.5
CVE-2005-2252
PhpAuction 2.5 allows remote malicious users to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.
Gianluca Baldo Phpauction 2.5
CVSSv2: 7.5
CVE-2005-2253
SQL injection vulnerability in PhpAuction 2.5 allows remote malicious users to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description.
Gianluca Baldo Phpauction 2.5
CVSSv2: 4.3
CVE-2005-2254
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote malicious users to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that vi...
Gianluca Baldo Phpauction 2.5
CVSSv2: 6.4
CVE-2005-2255
Directory traversal vulnerability in PhpAuction 2.5 allows remote malicious users to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
Gianluca Baldo Phpauction 2.5
CVSSv2: 7.5
CVE-2008-3487
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpauctions Phpauction Gpl Enhanced 2.51
1 EDB exploit