Vulnerabilities related to webidsupport - webid
Vulnerability from fkie_nvd
Published
2022-10-14 19:15
Modified
2024-11-21 07:23
Severity ?
Summary
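A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. (Note: the record classifies this as SSRF, CWE-918, but the described impact of reading files across directories and the title of the referenced advisory, WeBid_Path_Traversal.md, suggest a path traversal issue; triage and input-validation fixes for the theme parameters should cover both.)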
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/zer0yu/CVE_Request/blob/master/Webid/WeBid_Path_Traversal.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zer0yu/CVE_Request/blob/master/Webid/WeBid_Path_Traversal.md | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EAC0F5C-741F-49B1-B5E0-DE5CF6E1303B", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A security issue was discovered in WeBid \u003c=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories." }, { "lang": "es", "value": "Se ha detectado un problema de seguridad en WeBid versiones anteriores a 1.2.2 incluy\u00e9ndola. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en el archivo admin/theme.php permite a atacantes remotos inyectar cargas \u00fatiles por medio de par\u00e1metros del tema para leer archivos a trav\u00e9s de directorios" } ], "id": "CVE-2022-41477", "lastModified": "2024-11-21T07:23:15.930", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-10-14T19:15:19.703", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/zer0yu/CVE_Request/blob/master/Webid/WeBid_Path_Traversal.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/zer0yu/CVE_Request/blob/master/Webid/WeBid_Path_Traversal.md" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-20 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
WeBid versions up to the current version 1.2.2 contain a SQL injection vulnerability in all five yourauctions*.php scripts that can result in database read via blind SQL injection. This attack appears to be exploitable via an HTTP request. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.webidsupport.com/view.php?id=647 | Issue Tracking, Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | Patch | |
cve@mitre.org | https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.webidsupport.com/view.php?id=647 | Issue Tracking, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EAC0F5C-741F-49B1-B5E0-DE5CF6E1303B", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." }, { "lang": "es", "value": "WeBid, hasta la actual versi\u00f3n 1.2.2, contiene una vulnerabilidad de inyecci\u00f3n SQL en los 5 scripts yourauctions*.php que puede resultar en la lectura de la base de datos mediante una inyecci\u00f3n SQL ciega. Este ataque parece ser explotable mediante una petici\u00f3n HTTP. La vulnerabilidad parece haber sido solucionada tras el commit con ID 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ], "id": "CVE-2018-1000867", "lastModified": "2024-11-21T03:40:32.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-20T17:29:00.567", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "http://bugs.webidsupport.com/view.php?id=647" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "http://bugs.webidsupport.com/view.php?id=647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-04-29 14:29
Modified
2024-11-21 04:21
Severity ?
Summary
WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.netsparker.com/web-applications-advisories/ns-18-053-reflected-cross-site-scripting-in-webid/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.netsparker.com/web-applications-advisories/ns-18-053-reflected-cross-site-scripting-in-webid/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 1.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C5E4CA0-910D-4E6C-AAAA-7487B5F0AECE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php." }, { "lang": "es", "value": "WeBid versi\u00f3n 1.2.2, tiene reflected XSS a trav\u00e9s del par\u00e1metro id en admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, o admin/excludeuser.php, o el par\u00e1metro offset en admin/edituser.php." } ], "id": "CVE-2019-11592", "lastModified": "2024-11-21T04:21:24.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-04-29T14:29:00.677", "references": [ { "source": "cve@mitre.org", "tags": 
[ "Exploit", "Third Party Advisory" ], "url": "https://www.netsparker.com/web-applications-advisories/ns-18-053-reflected-cross-site-scripting-in-webid/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.netsparker.com/web-applications-advisories/ns-18-053-reflected-cross-site-scripting-in-webid/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-28 15:30
Modified
2024-11-21 00:58
Severity ?
Summary
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 0.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "E74968B2-1A04-4FDE-850F-180D07FE542C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks." }, { "lang": "es", "value": "eledicss.php in WeBid auction script v0.5.4 permite a atacantes remotos modificar arbitrariamente archivos de hojas de estilo en cascada (CSS) a trav\u00e9s de una solicitud con el par\u00e1metro file asignado a \"style.css\". NOTA: esto probablemente se puede aprovechar para ataques de ejecuci\u00f3n de secuencias de comandos en sitios cruzados(XSS)." } ], "id": "CVE-2008-7117", "lastModified": "2024-11-21T00:58:19.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-28T15:30:00.500", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30945" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44822" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Exploit" ], "url": "http://www.securityfocus.com/bid/30945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6339" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-28 15:30
Modified
2024-11-21 00:58
Severity ?
Summary
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 0.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "E74968B2-1A04-4FDE-850F-180D07FE542C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en item.php en el script de subastas WeBid v0.5.4 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro id." } ], "id": "CVE-2008-7119", "lastModified": "2024-11-21T00:58:19.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-28T15:30:00.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30945" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6341" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.exploit-db.com/exploits/6341" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-10-07 10:55
Modified
2024-11-21 01:21
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 0.8.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:0.8.5:p1:*:*:*:*:*:*", "matchCriteriaId": "17739872-ABB2-495E-9F49-36C0AF60B46C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter." }, { "lang": "es", "value": "Vulnerabilidad cross-site scripting (XSS) en confirm.php en WeBid v0.8.5 P1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro id." } ], "id": "CVE-2010-4873", "lastModified": "2024-11-21T01:21:57.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-07T10:55:07.440", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://osvdb.org/69103" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42171" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8429" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], 
"url": "http://www.securityfocus.com/bid/44765" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://osvdb.org/69103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42171" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8429" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/44765" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63152" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-25 19:55
Modified
2024-11-21 02:11
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 1.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB484035-223C-4096-98FD-E19092A6BE00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en WeBid 1.1.1 permiten a atacantes remotos inyectar secuencias de comandos web a trav\u00e9s del par\u00e1metro (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id o (15) TPL_moneybookers_email en una acci\u00f3n first en register.php o (16) el par\u00e1metro username en una acci\u00f3n login en user_login.php." 
} ], "id": "CVE-2014-5101", "lastModified": "2024-11-21T02:11:25.123", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-25T19:55:05.037", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/68519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68519" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-09-24 00:55
Modified
2024-11-21 01:31
Severity ?
Summary
WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 1.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD965E02-0ECD-4D66-B160-F38C40349DB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files." }, { "lang": "es", "value": "WeBid v1.0.0 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con js/calendar.php y algunos otros archivos." } ], "id": "CVE-2011-3815", "lastModified": "2024-11-21T01:31:19.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-24T00:55:03.800", "references": [ { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "source": "cve@mitre.org", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-29 14:55
Modified
2024-11-21 02:11
Severity ?
Summary
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 1.1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB484035-223C-4096-98FD-E19092A6BE00", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter." }, { "lang": "es", "value": "WeBid 1.1.1 permite a atacantes remotos realizar un ataque de inyecci\u00f3n LDAP a trav\u00e9s del par\u00e1metro (1) js o (2) cat." } ], "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/90.html\" target=\"_blank\"\u003eCWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)\u003c/a\u003e", "id": "CVE-2014-5114", "lastModified": "2024-11-21T02:11:27.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-29T14:55:07.907", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/68519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/68519" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-28 15:30
Modified
2024-11-21 00:58
Severity ?
Summary
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 0.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "E74968B2-1A04-4FDE-850F-180D07FE542C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log." }, { "lang": "es", "value": "WeBid auction script v0.5.4 almacena informaci\u00f3n sensible bajo el directorio ra\u00edz de la Web con control de acceso insuficiente, lo que permite obtener los logs de las consultas SQL a atacantes remotos a trav\u00e9s de una petici\u00f3n directa a logs/cron.log." } ], "id": "CVE-2008-7118", "lastModified": "2024-11-21T00:58:19.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-28T15:30:00.530", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30945" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44820" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6339" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-11-08 16:15
Modified
2024-11-21 08:30
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://liotree.github.io/2023/webid.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://liotree.github.io/2023/webid.html | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EAC0F5C-741F-49B1-B5E0-DE5CF6E1303B", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid \u003c=1.2.2 is vulnerable to code injection via admin/categoriestrans.php." }, { "lang": "es", "value": "WeBid en versiones \u0026lt;= 1.2.2 es vulnerable a la inyecci\u00f3n de c\u00f3digo a trav\u00e9s de admin/categoriestrans.php." } ], "id": "CVE-2023-47397", "lastModified": "2024-11-21T08:30:14.437", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-11-08T16:15:11.017", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://liotree.github.io/2023/webid.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://liotree.github.io/2023/webid.html" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-27 16:15
Modified
2024-11-21 05:13
Severity ?
Summary
WeBid 1.2.2 admin/newuser.php has an issue with the password re-check during registration: it uses a loose comparison to test whether the two passwords are identical, so two non-identical passwords can still pass the check. The usual remedy is a strict, type-safe comparison (`===` in PHP).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/renlok/WeBid/issues/530 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/renlok/WeBid/issues/530 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 1.2.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C5E4CA0-910D-4E6C-AAAA-7487B5F0AECE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check." }, { "lang": "es", "value": "WeBid versi\u00f3n 1.2.2, el archivo admin/newuser.php presenta un problema con la comprobaci\u00f3n de contrase\u00f1as durante el registro porque usa una comparaci\u00f3n imprecisa para comprobar la identidad de dos contrase\u00f1as.\u0026#xa0;Dos contrase\u00f1as no id\u00e9nticas a\u00fan pueden omitir la comprobaci\u00f3n" } ], "id": "CVE-2020-23359", "lastModified": "2024-11-21T05:13:46.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2021-01-27T16:15:13.013", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/renlok/WeBid/issues/530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/renlok/WeBid/issues/530" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-697" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-28 15:30
Modified
2024-11-21 00:58
Severity ?
Summary
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | 0.5.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "E74968B2-1A04-4FDE-850F-180D07FE542C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username." }, { "lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en el panel de administraci\u00f3n (admin/) en WeBid Auction Script v0.5.4 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del nombre de usuario (username)." } ], "id": "CVE-2008-7116", "lastModified": "2024-11-21T00:58:18.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-28T15:30:00.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30945" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/30945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6339" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-20 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
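WeBid versions up to and including 1.2.2 (the current version when reported) contain a Cross-Site Scripting (XSS) vulnerability in user_login.php and register.php that can result in JavaScript execution in the user's browser and injection of malicious markup into the page. Exploitation appears to require the victim to click a malicious link. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. Because the affected range is given as up to 1.2.2 and the fix is identified only by commit, confirm that a deployed copy actually contains that commit rather than relying on the version number alone.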
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.webidsupport.com/view.php?id=648 | Issue Tracking, Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | Patch | |
cve@mitre.org | https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.webidsupport.com/view.php?id=648 | Issue Tracking, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EAC0F5C-741F-49B1-B5E0-DE5CF6E1303B", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can result in Javascript execution in the user\u0027s browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must click a malicous link. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." }, { "lang": "es", "value": "WeBid, hasta la actual versi\u00f3n 1.2.2, contiene una vulnerabilidad Cross-Site Scripting (XSS) en user_login.php y register.php que puede resultar en la ejecuci\u00f3n de JavaScript en el navegador del usuario o la inyecci\u00f3n de marcas maliciosas en la p\u00e1gina. El ataque parece ser explotable mediante una v\u00edctima que haga clic en un enlace malicioso. La vulnerabilidad parece haber sido solucionada tras el commit con ID 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ], "id": "CVE-2018-1000868", "lastModified": "2024-11-21T03:40:32.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-20T17:29:00.643", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "http://bugs.webidsupport.com/view.php?id=648" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "http://bugs.webidsupport.com/view.php?id=648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-20 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
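WeBid versions up to and including 1.2.2 (the current version when reported) contain a Directory Traversal vulnerability in getthumb.php that can result in arbitrary image file read. The attack appears to be exploitable via an HTTP GET request. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f. Because the affected range is given as up to 1.2.2 and the fix is identified only by commit, confirm that a deployed copy actually contains that commit rather than relying on the version number alone.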
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.webidsupport.com/view.php?id=646 | Issue Tracking, Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | Patch | |
cve@mitre.org | https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.webidsupport.com/view.php?id=646 | Issue Tracking, Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webidsupport | webid | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webidsupport:webid:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EAC0F5C-741F-49B1-B5E0-DE5CF6E1303B", "versionEndIncluding": "1.2.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." }, { "lang": "es", "value": "WeBid, hasta la actual versi\u00f3n 1.2.2, contiene una vulnerabilidad de salto de directorio en getthumb.php que puede resultar en la lectura de archivos de imagen arbitrarios. Este ataque parece ser explotable mediante una petici\u00f3n HTTP GET. La vulnerabilidad parece haber sido solucionada tras el commit con ID 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ], "id": "CVE-2018-1000882", "lastModified": "2024-11-21T03:40:34.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-20T17:29:01.410", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "http://bugs.webidsupport.com/view.php?id=646" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Release Notes", "Vendor Advisory" ], "url": "http://bugs.webidsupport.com/view.php?id=646" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2014-5101
Vulnerability from cvelistv5
Published
2014-07-25 19:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/68519 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:34:37.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68519", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68519" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-25T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "68519", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68519" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5101", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authnet_id, (12) TPL_authnet_pass, (13) TPL_worldpay_id, (14) TPL_toocheckout_id, or (15) TPL_moneybookers_email in a first action to register.php or the (16) username parameter in a login action to user_login.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "68519", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68519" }, { "name": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5101", "datePublished": "2014-07-25T19:00:00Z", "dateReserved": "2014-07-25T00:00:00Z", "dateUpdated": "2024-09-16T18:33:42.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47397
Vulnerability from cvelistv5
Published
2023-11-08 00:00
Modified
2024-09-03 20:06
Severity ?
EPSS score ?
Summary
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:09:36.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://liotree.github.io/2023/webid.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-47397", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-03T20:02:08.635338Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-03T20:06:56.239Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "WeBid \u003c=1.2.2 is vulnerable to code injection via admin/categoriestrans.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-08T15:26:35.431925", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://liotree.github.io/2023/webid.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47397", "datePublished": "2023-11-08T00:00:00", "dateReserved": "2023-11-06T00:00:00", "dateUpdated": "2024-09-03T20:06:56.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-7119
Vulnerability from cvelistv5
Published
2009-08-28 15:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/44817 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/30945 | vdb-entry, x_refsource_BID | |
https://www.exploit-db.com/exploits/6341 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:56:14.396Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webid-item-admin-sql-injection(44817)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "name": "30945", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30945" }, { "name": "6341", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6341" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webid-item-admin-sql-injection(44817)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "name": "30945", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30945" }, { "name": "6341", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6341" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7119", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webid-item-admin-sql-injection(44817)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "name": "30945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30945" }, { "name": "6341", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6341" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7119", "datePublished": "2009-08-28T15:00:00", "dateReserved": "2009-08-28T00:00:00", "dateUpdated": "2024-08-07T11:56:14.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-23359
Vulnerability from cvelistv5
Published
2021-01-27 15:29
Modified
2024-08-04 14:58
Severity ?
EPSS score ?
Summary
WeBid 1.2.2 admin/newuser.php has an issue with the password re-check during registration: it uses a loose comparison to test whether the two passwords are identical, so two non-identical passwords can still pass the check. The usual remedy is a strict, type-safe comparison (`===` in PHP).
References
▼ | URL | Tags |
---|---|---|
https://github.com/renlok/WeBid/issues/530 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:58:14.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/renlok/WeBid/issues/530" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-27T15:29:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/renlok/WeBid/issues/530" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-23359", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/renlok/WeBid/issues/530", "refsource": "MISC", "url": "https://github.com/renlok/WeBid/issues/530" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-23359", "datePublished": "2021-01-27T15:29:03", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:58:14.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-7117
Vulnerability from cvelistv5
Published
2009-08-28 15:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
References
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/6339 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/30945 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44822 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:56:14.056Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6339", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30945" }, { "name": "webid-eledicss-file-manipulation(44822)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44822" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6339", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30945" }, { "name": "webid-eledicss-file-manipulation(44822)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44822" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6339", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30945" }, { "name": "webid-eledicss-file-manipulation(44822)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44822" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7117", "datePublished": "2009-08-28T15:00:00", "dateReserved": "2009-08-28T00:00:00", "dateUpdated": "2024-08-07T11:56:14.056Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-7118
Vulnerability from cvelistv5
Published
2009-08-28 15:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/44820 | vdb-entry, x_refsource_XF | |
https://www.exploit-db.com/exploits/6339 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/30945 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:56:14.432Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webid-cron-info-disclosure(44820)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44820" }, { "name": "6339", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30945" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webid-cron-info-disclosure(44820)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44820" }, { "name": "6339", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30945" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7118", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webid-cron-info-disclosure(44820)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44820" }, { "name": "6339", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30945" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7118", "datePublished": "2009-08-28T15:00:00", "dateReserved": "2009-08-28T00:00:00", "dateUpdated": "2024-08-07T11:56:14.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4873
Vulnerability from cvelistv5
Published
2011-10-07 10:00
Modified
2024-08-07 04:02
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
References
▼ | URL | Tags |
---|---|---|
http://securityreason.com/securityalert/8429 | third-party-advisory, x_refsource_SREASON | |
http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/63152 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/42171 | third-party-advisory, x_refsource_SECUNIA | |
http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62 | x_refsource_MISC | |
http://osvdb.org/69103 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/44765 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:02:29.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "8429", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8429" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt" }, { "name": "webid-confirm-xss(63152)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63152" }, { "name": "42171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42171" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62" }, { "name": "69103", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/69103" }, { "name": "44765", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/44765" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-11-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "8429", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8429" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt" }, { "name": "webid-confirm-xss(63152)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63152" }, { "name": "42171", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42171" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62" }, { "name": "69103", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/69103" }, { "name": "44765", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/44765" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4873", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "8429", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8429" }, { "name": "http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1011-exploits/webid085p1-xss.txt" }, { "name": "webid-confirm-xss(63152)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63152" }, { "name": "42171", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42171" }, { "name": "http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62", "refsource": "MISC", "url": "http://www.johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Reflected.Cross-site.Scripting/62" }, { "name": "69103", "refsource": "OSVDB", "url": "http://osvdb.org/69103" }, { "name": "44765", "refsource": "BID", "url": "http://www.securityfocus.com/bid/44765" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4873", "datePublished": "2011-10-07T10:00:00", "dateReserved": "2011-10-07T00:00:00", "dateUpdated": "2024-08-07T04:02:29.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41477
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
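A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories. (Note: the only reference listed for this record is titled WeBid_Path_Traversal.md, and the described impact, reading files across directories, is characteristic of path traversal rather than SSRF; triage and detection rules should treat it accordingly.)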
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:42:46.436Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/zer0yu/CVE_Request/blob/master/Webid/WeBid_Path_Traversal.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A security issue was discovered in WeBid \u003c=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/zer0yu/CVE_Request/blob/master/Webid/WeBid_Path_Traversal.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-41477", "datePublished": "2022-10-14T00:00:00", "dateReserved": "2022-09-26T00:00:00", "dateUpdated": "2024-08-03T12:42:46.436Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-5114
Vulnerability from cvelistv5
Published
2014-07-29 14:00
Modified
2024-09-17 03:13
Severity ?
EPSS score ?
Summary
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/68519 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:34:37.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68519", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68519" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-29T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "68519", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68519" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "68519", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68519" }, { "name": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127431/WeBid-1.1.1-Cross-Site-Scripting-LDAP-Injection.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5114", "datePublished": "2014-07-29T14:00:00Z", "dateReserved": "2014-07-29T00:00:00Z", "dateUpdated": "2024-09-17T03:13:47.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1000882
Vulnerability from cvelistv5
Published
2018-12-20 17:00
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appears to be exploitable via an HTTP GET request. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
References
▼ | URL | Tags |
---|---|---|
https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | x_refsource_MISC | |
http://bugs.webidsupport.com/view.php?id=646 | x_refsource_MISC | |
https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:47:57.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.webidsupport.com/view.php?id=646" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-20T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.webidsupport.com/view.php?id=646" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-12-19T20:52:45.250141", "DATE_REQUESTED": "2018-12-03T08:52:04", "ID": "CVE-2018-1000882", "REQUESTER": "nils.stuenkel@t-systems.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt", "refsource": "MISC", "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "name": "http://bugs.webidsupport.com/view.php?id=646", "refsource": "MISC", "url": "http://bugs.webidsupport.com/view.php?id=646" }, { "name": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f", "refsource": "MISC", "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000882", "datePublished": "2018-12-20T17:00:00Z", "dateReserved": "2018-12-20T00:00:00Z", "dateUpdated": "2024-09-17T00:56:34.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11592
Vulnerability from cvelistv5
Published
2019-04-29 13:47
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:55:41.046Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.netsparker.com/web-applications-advisories/ns-18-053-reflected-cross-site-scripting-in-webid/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-29T13:47:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.netsparker.com/web-applications-advisories/ns-18-053-reflected-cross-site-scripting-in-webid/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11592", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, or the offset parameter to admin/edituser.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.netsparker.com/web-applications-advisories/ns-18-053-reflected-cross-site-scripting-in-webid/", "refsource": "MISC", "url": "https://www.netsparker.com/web-applications-advisories/ns-18-053-reflected-cross-site-scripting-in-webid/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11592", "datePublished": "2019-04-29T13:47:24", "dateReserved": "2019-04-29T00:00:00", "dateUpdated": "2024-08-04T22:55:41.046Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3815
Vulnerability from cvelistv5
Published
2011-09-24 00:00
Modified
2024-09-17 02:36
Severity ?
EPSS score ?
Summary
WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2011/06/27/6 | mailing-list, x_refsource_MLIST | |
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README | x_refsource_MISC | |
http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:46:03.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-24T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" }, { "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0", "refsource": "MISC", "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/WeBid-1.0.0" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3815", "datePublished": "2011-09-24T00:00:00Z", "dateReserved": "2011-09-23T00:00:00Z", "dateUpdated": "2024-09-17T02:36:51.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1000868
Vulnerability from cvelistv5
Published
2018-12-20 17:00
Modified
2024-09-16 22:08
Severity ?
EPSS score ?
Summary
WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php and register.php that can result in JavaScript execution in the user's browser and injection of malicious markup into the page. This attack appears to be exploitable when the victim user clicks a malicious link. This vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
References
▼ | URL | Tags |
---|---|---|
https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | x_refsource_MISC | |
http://bugs.webidsupport.com/view.php?id=648 | x_refsource_MISC | |
https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:47:57.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.webidsupport.com/view.php?id=648" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can result in Javascript execution in the user\u0027s browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must click a malicous link. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-20T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.webidsupport.com/view.php?id=648" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-12-19T20:52:45.251656", "DATE_REQUESTED": "2018-12-03T08:58:33", "ID": "CVE-2018-1000868", "REQUESTER": "nils.stuenkel@t-systems.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can result in Javascript execution in the user\u0027s browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must click a malicous link. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt", "refsource": "MISC", "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "name": "http://bugs.webidsupport.com/view.php?id=648", "refsource": "MISC", "url": "http://bugs.webidsupport.com/view.php?id=648" }, { "name": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f", "refsource": "MISC", "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000868", "datePublished": "2018-12-20T17:00:00Z", "dateReserved": "2018-12-20T00:00:00Z", "dateUpdated": "2024-09-16T22:08:51.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-7116
Vulnerability from cvelistv5
Published
2009-08-28 15:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/44817 | vdb-entry, x_refsource_XF | |
https://www.exploit-db.com/exploits/6339 | exploit, x_refsource_EXPLOIT-DB | |
http://www.securityfocus.com/bid/30945 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:56:14.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webid-item-admin-sql-injection(44817)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "name": "6339", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/30945" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webid-item-admin-sql-injection(44817)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "name": "6339", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/30945" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webid-item-admin-sql-injection(44817)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" }, { "name": "6339", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6339" }, { "name": "30945", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30945" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7116", "datePublished": "2009-08-28T15:00:00", "dateReserved": "2009-08-28T00:00:00", "dateUpdated": "2024-08-07T11:56:14.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1000867
Vulnerability from cvelistv5
Published
2018-12-20 17:00
Modified
2024-09-16 18:43
Severity ?
EPSS score ?
Summary
WeBid versions up to the current version 1.2.2 contain a SQL injection vulnerability in all five yourauctions*.php scripts that can result in a database read via blind SQL injection. The attack appears to be exploitable via an HTTP request. The vulnerability appears to have been fixed after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.
References
▼ | URL | Tags |
---|---|---|
https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt | x_refsource_MISC | |
http://bugs.webidsupport.com/view.php?id=647 | x_refsource_MISC | |
https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:47:57.447Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.webidsupport.com/view.php?id=647" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-12-19T00:00:00", "descriptions": [ { "lang": "en", "value": "WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-12-20T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.webidsupport.com/view.php?id=647" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-12-19T20:52:45.250853", "DATE_REQUESTED": "2018-12-03T08:55:27", "ID": "CVE-2018-1000867", "REQUESTER": "nils.stuenkel@t-systems.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt", "refsource": "MISC", "url": "https://telekomsecurity.github.io/assets/advisories/20181108_WeBid_Multiple_Vulnerabilities.txt" }, { "name": "http://bugs.webidsupport.com/view.php?id=647", "refsource": "MISC", "url": "http://bugs.webidsupport.com/view.php?id=647" }, { "name": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f", "refsource": "MISC", "url": "https://github.com/renlok/WeBid/commit/256a5f9d3eafbc477dcf77c7682446cc4b449c7f" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000867", "datePublished": "2018-12-20T17:00:00Z", "dateReserved": "2018-12-20T00:00:00Z", "dateUpdated": "2024-09-16T18:43:58.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }