smartisoft phpbazar vulnerabilities and exploits

(subscribe to this query)

phpBazar 2.1.1fix and previous versions does not require administrative authentication for admin/admin.php, which allows remote malicious users to obtain access to the admin control panel via a direct request.

Smartisoft Phpbazar 2.0.2 Smartisoft Phpbazar 2.1.0 Smartisoft Phpbazar 2.1.1fix Smartisoft Phpbazar

1 EDB exploit

SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and previous versions allows remote malicious users to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.

Smartisoft Phpbazar 2.0.2 Smartisoft Phpbazar Smartisoft Phpbazar 2.1.1 Smartisoft Phpbazar 2.1.0

1 EDB exploit

Admin/admin.php in phpBazar 2.1.0 and previous versions allows remote malicious users to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.

Smartisoft Phpbazar 2.1.0

1 EDB exploit

PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote malicious users to execute arbitrary PHP code via a URL in the cat parameter.

Smartisoft Phpbazar 2.1.1

1 EDB exploit

PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the language_dir parameter.

Smartisoft Phpbazar 2.1.0

1 EDB exploit

SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote malicious users to execute arbitrary SQL commands via the adid parameter.

Smartisoft Phpbazar 2.0.2

1 EDB exploit

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook