CVE-2008-3238
published 2008-07-21CVE-2008-3238: Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.20%
64.2th percentile
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| itechscripts | itechbids | — | — |
| itechscripts | itechbids | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5hx3-5f7f-xvj2: Multiple SQL injection vulnerabilities in ITechBids 8
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-3968 [HIGH] CWE-89 GHSA-5hx3-5f7f-xvj2: Multiple SQL injection vulnerabilities in ITechBids 8
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
GHSA
GHSA-rg87-qff6-85m5: Multiple SQL injection vulnerabilities in ITechBids 7
ghsa_unreviewed·2022-05-01
CVE-2008-3238 [HIGH] CWE-89 GHSA-rg87-qff6-85m5: Multiple SQL injection vulnerabilities in ITechBids 7
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/31084http://securityreason.com/securityalert/4015http://www.securityfocus.com/bid/30215http://www.vupen.com/english/advisories/2008/2107/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/43759https://www.exploit-db.com/exploits/6069http://secunia.com/advisories/31084http://securityreason.com/securityalert/4015http://www.securityfocus.com/bid/30215http://www.vupen.com/english/advisories/2008/2107/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/43759https://www.exploit-db.com/exploits/6069
2008-07-21
Published