
CVSS: 9.1 • EPSS: 1% • CPEs: 4 • EXPL: 2

13 Aug 2009 — AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly... • https://www.exploit-db.com/exploits/7087 • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Mar 2009 — SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. • https://www.exploit-db.com/exploits/6550 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jan 2009 — Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter. • https://www.exploit-db.com/exploits/6561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Jan 2009 — SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter. • https://www.exploit-db.com/exploits/6561 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 2

24 Nov 2008 — SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. • https://www.exploit-db.com/exploits/5591 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

25 Jun 2008 — SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. • https://www.exploit-db.com/exploits/5867 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')