phpauction vulnerabilities and exploits
NA
CVE-2008-6999
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote malicious users to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
Phpauction Phpauction 3.2
Phpauction Phpauction 3.3.0
NA
CVE-2008-2900
SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpauction Phpauction 3.2
1 EDB exploit
NA
CVE-2008-7000
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote malicious users to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
Phpauction Phpauction 3.2
1 EDB exploit
NA
CVE-2002-0995
login.php for PHPAuction allows remote malicious users to gain privileges via a direct call to login.php with the action parameter set to "insert", which adds the provided username to the adminUsers table.
Gianluca Baldo Phpauction 1.2
Gianluca Baldo Phpauction 1.3
Gianluca Baldo Phpauction 2.0
Gianluca Baldo Phpauction 2.1
1 EDB exploit
NA
CVE-2008-1416
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.
Phpauction Phpauction Gpl 2.51
1 EDB exploit
NA
CVE-2005-2254
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote malicious users to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that vi...
Gianluca Baldo Phpauction 2.5
NA
CVE-2005-2252
PhpAuction 2.5 allows remote malicious users to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.
Gianluca Baldo Phpauction 2.5
NA
CVE-2005-2253
SQL injection vulnerability in PhpAuction 2.5 allows remote malicious users to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description.
Gianluca Baldo Phpauction 2.5
NA
CVE-2005-2255
Directory traversal vulnerability in PhpAuction 2.5 allows remote malicious users to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
Gianluca Baldo Phpauction 2.5
NA
CVE-2008-3487
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpauctions Phpauction Gpl Enhanced 2.51
1 EDB exploit