| VID |
21652 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The PHPAuction software appears to be affected by multiple remotely exploitable vulnerabilities. PHPAuction is an open-source online auction software package developed by Gianluca Baldo. PHPAuction version 2.5 and possibly other versions are affected by multiple vulnerabilities that can allow a remote attacker to gain unauthorized access to a site and carry out SQL injection, cross-site scripting attacks and arbitrary PHP code execution.
* References: http://securitytracker.com/alerts/2005/Jul/1014423.html
* Platforms Affected: Gianluca Baldo, PHPAuction version 2.5 and possibly other versions; Linux, any version; Microsoft Windows, any version |
| Recommendation |
No upgrade or patch was available as of July 2005.
Upgrade to the latest version of PHPAuction when a fixed version becomes available from the PHPAuction Web site at http://www.phpauction.org/html/index.php |
| Related URL |
CVE-2005-2252, CVE-2005-2253, CVE-2005-2254, CVE-2005-2255 (CVE) |
| Related URL |
14184 (SecurityFocus) |
| Related URL |
21306, 21308, 21310, 21311 (ISS) |
|