Smartisoft Phpbazar vulnerabilities

6 known vulnerabilities affecting smartisoft/phpbazar.

Total CVEs: 6
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 1

Vulnerabilities

CVE-2010-2315 | P3 | HIGH | CVSS 7.5 | PoC | v2.1.1 | 2010-06-17
CWE-94: PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.
Source: NVD
CVE-2009-4222 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 2.1.1 | v2.0.2 +2 more | 2009-12-07
CWE-264: phpBazar 2.1.1fix and earlier does not require administrative authentication for admin/admin.php, which allows remote attackers to obtain access to the admin control panel via a direct request.
Source: NVD
CVE-2006-2527 | P3 | HIGH | CVSS 7.5 | PoC | v2.1.0 | 2006-05-22
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.
Source: NVD
CVE-2009-4221 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 2.1.1fix | v2.0.2 +2 more | 2009-12-07
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.
Source: NVD
CVE-2008-3767 | P3 | HIGH | CVSS 7.5 | PoC | v2.0.2 | 2008-08-22
CWE-89: SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
Source: NVD
CVE-2006-2528 | P3 | MEDIUM | CVSS 6.4 | PoC | v2.1.0 | 2006-05-22
PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
Source: NVD