Summary
WeBid is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input.
Successful attacks can compromise the affected application and possibly the underlying computer.
WeBid 1.0.2 is vulnerable; other versions may also be affected.
Solution
Updates are available. Please see the references for more information.
*** You should remove the line 'array('from' => 'USD', 'to' => '^@')) print('openvas-c-i-test'//', 'rate' => '')' from includes/currencies.php ***
References
Severity
Classification
CVSS Base Score: 7.5
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
- Allegro RomPager `Misfortune Cookie` Vulnerability
- Artmedic Kleinanzeigen File Inclusion Vulnerability
- ASP Inline Corporate Calendar SQL injection