Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-35409)

Description

WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.

Remediation

References

Related Vulnerabilities

WordPress 3.8.x PHP Object Injection (3.8 - 3.8.35)

PostgreSQL Other Vulnerability (CVE-2002-1400)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Security Bypass (1.3.75)

Oracle Application Server CVE-2009-0989 Vulnerability (CVE-2009-0989)

SharePoint Out-of-bounds Read Vulnerability (CVE-2025-59232)

Severity

Critical

Classification

CVE-2024-35409 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities