Published: 26/02/2010 Updated: 17/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote malicious users to execute arbitrary SQL commands via the id parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mhproducts ero auktion 2.0
mhproducts ero auktion 2010

----------------------------Information---------------------------------------- +Autor : Easy Laster +Date : 21102010 +Script : Ero Auktion V20 SQL Injection newsphp +Download : ----- +Price : 34,90€ +Language :PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to Team-Internet ,Underground Agents +And all Friend ...

----------------------------Information---------------------------------------- +Autor : Easy Laster +Date : 21102010 +Script : Ero Auktion 2010 SQL Injection newsphp +Download : ----- +Price : 39,90€ +Language :PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to Team-Internet ,Underground Agents +And all Friends ...

CWE-89 http://4004securityproject.wordpress.com/2010/02/21/ero-auktion-2010-sql-injection-news-php/http://secunia.com/advisories/38666 http://www.exploit-db.com/exploits/11522 http://www.exploit-db.com/exploits/11521 http://4004securityproject.wordpress.com/2010/02/21/ero-auktion-v-2-0-sql-injection-news-php/http://packetstormsecurity.org/1002-exploits/eroauktion20-sql.txt http://packetstormsecurity.org/1002-exploits/eroauktion2010-sql.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/56446 https://nvd.nist.gov https://www.exploit-db.com/exploits/11521/

CVE-2010-0723

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect