MidnightBSD

Advisories for phpscripte24

CVE-2010-1269 HIGH

SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpscripte24 niedrig_gebote_pro_auktions_system_ii *
CVE-2010-1270 HIGH

SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpscripte24 multi_suktions_komplett_system 2
CVE-2010-1854 MEDIUM

Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be resultant from CVE-2010-1855.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
phpscripte24 pay_per_watch_&_bid_auktions_system *
CVE-2010-1855 HIGH

SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpscripte24 pay_per_watch_&_bid_auktions_system *
CVE-2010-1923 HIGH

SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpscripte24 web_social_network_freunde_community 2.0
CVE-2010-1924 HIGH

SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
phpscripte24 live_shopping_multi_portal_system *