Description

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit 256a5f9d3eafbc477dcf77c7682446cc4b449c7f.

Remediation

References

CVE-2018-1000867

Related Vulnerabilities

ownCloud Improper Authentication Vulnerability (CVE-2016-9463)

Internet Information Services Other Vulnerability (CVE-2001-0335)

Apache Tomcat Other Vulnerability (CVE-2007-3384)

Joomla! Core Security Bypass (2.5.0 - 3.9.18)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4306)

Severity

High

Classification

CVE-2018-1000867 CWE-138 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities