Vulnerability Description
SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Softbizscripts | B2B Trading Marketplace Script | <= 1.1 |
References
- http://pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.htmlBroken Link
- http://secunia.com/advisories/17808Third Party Advisory
- http://www.osvdb.org/21252Broken Link
- http://www.osvdb.org/21253Broken Link
- http://www.osvdb.org/21254Broken Link
- http://www.osvdb.org/21255Broken Link
- http://www.securityfocus.com/bid/15652Broken Link
- http://pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.htmlBroken Link
- http://secunia.com/advisories/17808Third Party Advisory
- http://www.osvdb.org/21252Broken Link
- http://www.osvdb.org/21253Broken Link
- http://www.osvdb.org/21254Broken Link
- http://www.osvdb.org/21255Broken Link
- http://www.securityfocus.com/bid/15652Broken Link
FAQ
What is CVE-2005-3937?
CVE-2005-3937 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffer...
How severe is CVE-2005-3937?
CVE-2005-3937 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3937?
Check the references section above for vendor advisories and patch information. Affected products include: Softbizscripts B2B Trading Marketplace Script.