Aj Square Aj Auction vulnerabilities
7 known vulnerabilities affecting aj_square/aj_auction.
Total CVEs
7
CISA KEV
0
Public exploits
7
Exploited in wild
0
Severity breakdown
HIGH6MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2008-6966P3HIGHCVSS 7.5PoCv1.02009-08-13
CVE-2008-6966 [HIGH] CWE-264 CVE-2008-6966: AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called direc
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
nvd
CVE-2008-6965P3HIGHCVSS 7.5PoCv1.0v2.0+1 more2009-08-13
CVE-2008-6965 [HIGH] CWE-287 CVE-2008-6965: AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect b
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7)
nvd
CVE-2008-5212P3HIGHCVSS 7.5PoC≤ 6.2.1v1.0+1 more2008-11-24
CVE-2008-5212 [HIGH] CWE-89 CVE-2008-5212: SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attac
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
nvd
CVE-2008-6414P3HIGHCVSS 7.5PoCv2.02009-03-06
CVE-2008-6414 [HIGH] CWE-89 CVE-2008-6414: SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers
SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
nvd
CVE-2008-2860P3HIGHCVSS 7.5PoCvweb_2.02008-06-25
CVE-2008-2860 [HIGH] CWE-89 CVE-2008-2860: SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attacke
SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
nvd
CVE-2008-6003P3HIGHCVSS 7.5PoCv2.02009-01-28
CVE-2008-6003 [HIGH] CWE-89 CVE-2008-6003: SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote att
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
nvd
CVE-2008-6004P4MEDIUMCVSS 4.3PoCv2.02009-01-28
CVE-2008-6004 [MEDIUM] CWE-79 CVE-2008-6004: Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote at
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
nvd