CVE-2005-2259 — Creations Makebid Auction Deluxe vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

3.5%

top 12.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Usanet Creations Makebid Auction Deluxe

Timeline

PublishedJul 13

Latest updateMay 1

Description

The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDusanet_creations/makebid_auction_deluxe3.30

🔴Vulnerability Details

GHSA

GHSA-gr9q-pvmf-wx34: The dispallclosed2 function in dispallclosed↗2022-05-01

▶

CVEList

CVE-2005-2259: The dispallclosed2 function in dispallclosed↗2005-07-13

▶