CVE-2010-1855
Published 2010-05-07
Priority P3 · 45 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.59% (72.6th percentile)
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
GHSA
GHSA-rrvx-ph35-x336: Cross-site scripting (XSS) vulnerability in auktion
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1854 [HIGH] CWE-79 GHSA-rrvx-ph35-x336: Cross-site scripting (XSS) vulnerability in auktion
Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be resultant from CVE-2010-1855.
GHSA
GHSA-c58j-fj65-hr85: SQL injection vulnerability in auktion
ghsa_unreviewed·2022-05-17
CVE-2010-1855 [HIGH] CWE-89 GHSA-c58j-fj65-hr85: SQL injection vulnerability in auktion
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
No detection rules found.
No writeups or analysis indexed.
http://4004securityproject.wordpress.com/2010/03/20/pay-per-watch-bid-auktions-system-blind-sql-injection-auktion-php-id_auk/
http://osvdb.org/63131
http://packetstormsecurity.org/1003-exploits/ppwb-sql.txt
http://secunia.com/advisories/39059
http://www.exploit-db.com/exploits/11816
http://www.securityfocus.com/bid/38878
http://www.vupen.com/english/advisories/2010/0670
https://exchange.xforce.ibmcloud.com/vulnerabilities/57055