Multiple SQL Injection Vulnerabilities in phpbb-Auction by PHPBB
CVE-2005-1234

Currently unrated

Key Information:

Vendor

PHPbb Group

Status
PHPbb-auction
Vendor
CVE Published:
2 May 2005

What is CVE-2005-1234?

The phpbb-Auction product has multiple SQL injection vulnerabilities that enable remote attackers to execute arbitrary SQL commands. Specific vulnerabilities can be exploited through the 'u' parameter in auction_rating.php and the 'ar' parameter in action_offer.php, potentially compromising database integrity and application security.

References

http://www.snkenjoi.com/secadv/secadv9.txt
x_refsource_MISC
http://www.securityfocus.com/archive/1/441190/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.osvdb.org/15704
vdb-entryx_refsource_OSVDB

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.