← back
CVE-2006-3940

CVE-2006-3940

EPSS 1.1%
Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/28281unverifiedexploitdbwww.exploit-db.com/exploits/28282unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/1306https://exchange.xforce.ibmcloud.com/vulnerabilities/28006http://www.aria-security.net/advisory/phpauction.txthttp://www.securityfocus.com/archive/1/441190/100/0/threadedhttp://www.securityfocus.com/bid/19179