CVE-2005-1234
Published 2005-05-02
Priority: P4 · 27 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 1.88% (76.8th percentile)
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpbb_group | phpbb-auction | — | — |
| phpbb_group | phpbb-auction | — | — |
| phpbb_group | phpbb-auction | — | — |
GHSA
GHSA-4pch-258r-x42r · ghsa_unreviewed · 2022-05-01 · CVE-2005-1234 [MEDIUM]
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php.
GHSA
GHSA-hhmv-43q3-6x35 · ghsa_unreviewed · 2022-05-01 · CVSS 5.0 · CVE-2006-3940 [MEDIUM]
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
References
http://secunia.com/advisories/15029
http://securitytracker.com/id?1013779
http://www.aria-security.net/advisory/phpauction.txt
http://www.osvdb.org/15704
http://www.osvdb.org/15705
http://www.phpbb-auction.com/sutra5600.html
http://www.securityfocus.com/archive/1/441190/100/0/threaded
http://www.securityfocus.com/bid/13283
http://www.securityfocus.com/bid/13284
http://www.snkenjoi.com/secadv/secadv9.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/20203