Phpauction

phpauction

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-3984 2Gianluca Baldo Phpadsnew 2Phpadsnew Phpauction Apr 16, 2026 Aug 5, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the p...Show more PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.Show less
CVE-2005-2255 1Gianluca Baldo 1Phpauction Apr 16, 2026 Jul 13, 2005 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php...Show more Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.Show less
CVE-2005-2254 1Gianluca Baldo 1Phpauction Apr 16, 2026 Jul 13, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id par...Show more Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.Show less
CVE-2005-2253 1Gianluca Baldo 1Phpauction Apr 16, 2026 Jul 13, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product,...Show more SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description.Show less
CVE-2005-2252 1Gianluca Baldo 1Phpauction Apr 16, 2026 Jul 13, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.
CVE-2002-0995 1Gianluca Baldo 1Phpauction Apr 16, 2026 Oct 4, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.