CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3CVE-2006-3940 – phpBB-Auction 1.x - 'auction_store.php?u' SQL Injection
https://notcve.org/view.php?id=CVE-2006-3940
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error. Múltiples vulnerabilidades de inyección SQL en phpbb-Auction permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) "ar" en auction_room.php y (2) "u" en auction_store.php. NOTA: El vector auction_rating.php está ya descrito en CVE-2005-1234. NOTA: La descripción original apunta que el nombre de producto es "PHP-Auction", pero es un error probablemente. • https://www.exploit-db.com/exploits/28282 https://www.exploit-db.com/exploits/28281 http://securityreason.com/securityalert/1306 http://www.aria-security.net/advisory/phpauction.txt http://www.securityfocus.com/archive/1/441190/100/0/threaded http://www.securityfocus.com/bid/19179 https://exchange.xforce.ibmcloud.com/vulnerabilities/28006 •
CVSS: 6.8EPSS: 8%CPEs: 3EXPL: 1CVE-2006-2245 – Auction 1.3m - 'phpbb_root_path' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2245
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. • https://www.exploit-db.com/exploits/1747 http://pridels0.blogspot.com/2006/05/phpbb-auction-mod-remote-file.html http://secunia.com/advisories/19944 http://www.osvdb.org/25263 http://www.securityfocus.com/bid/17822 http://www.vupen.com/english/advisories/2006/1641 https://exchange.xforce.ibmcloud.com/vulnerabilities/26192 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 7CVE-2005-1234
https://notcve.org/view.php?id=CVE-2005-1234
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php. • http://secunia.com/advisories/15029 http://securitytracker.com/id?1013779 http://www.aria-security.net/advisory/phpauction.txt http://www.osvdb.org/15704 http://www.osvdb.org/15705 http://www.phpbb-auction.com/sutra5600.html http://www.securityfocus.com/archive/1/441190/100/0/threaded http://www.securityfocus.com/bid/13283 http://www.securityfocus.com/bid/13284 http://www.snkenjoi.com/secadv/secadv9.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/20203 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 3CVE-2005-1235
https://notcve.org/view.php?id=CVE-2005-1235
auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. • http://secunia.com/advisories/15029 http://securitytracker.com/id?1013779 http://www.osvdb.org/15706 http://www.phpbb-auction.com/sutra5600.html http://www.snkenjoi.com/secadv/secadv9.txt •