Vulnerability Description
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: a later disclosure reported the affected version as 1.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PHP Labs | Top Auction | 1.0 |
Related Weaknesses (CWE)
References
- http://pridels0.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html
- http://secunia.com/advisories/17687 (Vendor Advisory)
- http://www.osvdb.org/21105
- http://www.osvdb.org/21106
- http://www.securityfocus.com/archive/1/466565/100/200/threaded
- http://www.securityfocus.com/archive/1/466569/100/200/threaded
- http://www.securityfocus.com/bid/15547
- http://www.vupen.com/english/advisories/2005/2552 (Vendor Advisory)
- https://www.exploit-db.com/exploits/3456
FAQ
What is CVE-2005-3952?
CVE-2005-3952 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search paramet...
How severe is CVE-2005-3952?
CVE-2005-3952 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3952?
Check the references section above for vendor advisories and patch information. Affected products include: PHP Labs Top Auction.