CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
87.0%
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
Vendor | Product | Version | CPE |
---|---|---|---|
php_labs | top_auction | 1.0 | cpe:2.3:a:php_labs:top_auction:1.0:*:*:*:*:*:*:* |
pridels0.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html
secunia.com/advisories/17687
www.osvdb.org/21105
www.osvdb.org/21106
www.securityfocus.com/archive/1/466565/100/200/threaded
www.securityfocus.com/archive/1/466569/100/200/threaded
www.securityfocus.com/bid/15547
www.vupen.com/english/advisories/2005/2552
www.exploit-db.com/exploits/3456