Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Webid
(Webidsupport)| Repositories | https://github.com/renlok/WeBid |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-10-07 | CVE-2010-4873 | Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | Webid | N/A | ||
| 2009-08-28 | CVE-2008-7119 | SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | Webid | N/A | ||
| 2009-08-28 | CVE-2008-7118 | WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log. | Webid | N/A | ||
| 2009-08-28 | CVE-2008-7117 | eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks. | Webid | N/A | ||
| 2009-08-28 | CVE-2008-7116 | SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username. | Webid | N/A |