WeBid 'converter.php' Multiple Remote PHP Code Injection Vulnerabilities Network Vulnerability

Summary

WeBid is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input. Successful attacks can compromise the affected application and possibly the underlying computer. WeBid 1.0.2 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for more information. *** You should remove the line 'array('from' => 'USD', 'to' => '^@')) print('openvas-c-i-test'//', 'rate' => '')' from includes/currencies.php ***

References

http://www.securityfocus.com/bid/48554
http://www.webidsupport.com
http://www.webidsupport.com/forums/showthread.php?3892

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
Allegro RomPager `Misfortune Cookie` Vulnerability
Artmedic Kleinanzeigen File Inclusion Vulnerability
ASP Inline Corporate Calendar SQL injection

Take action and discover your vulnerabilities