Description
Multiple vulnerabilities were identified in PhpAuction, which could be exploited by malicious users to conduct SQL injection and cross-site scripting attacks.
- The first issue is due to an input validation error in "index.php", "profile.php", "admin/index.php", "login.php", and "viewnews.php" when processing specially crafted "lan", "auction_id", "username" and "id" parameters, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.
- The second vulnerability is due to an input validation error in "adsearch.php" and "viewnews.php" when processing a specially crafted "category" or "id" variable, which may be exploited by remote users to conduct SQL injection attacks.
- The third flaw is due to an input validation error when processing a specially crafted cookie, which may be exploited by attackers to bypass the authentication procedure and gain unauthorized access.
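
The first two issues are both input validation errors, so the mitigation has the same shape for each: validate the parameter on the way in, encode it when it is echoed into HTML, and bind it instead of concatenating it into SQL. The PHP below is an added example, not PhpAuction code or a vendor patch; the `news` table, the language allowlist, the helper names and the sample request are assumptions made for illustration, and it needs the `pdo_sqlite` extension to run.

```php
<?php
// Added example: hypothetical hardening for the parameters named in the advisory.
// Table/column names, the allowlist and the sample request are constructed.
const ALLOWED_LANGS = ['EN', 'ES', 'FR'];   // assumed set of supported languages

// Integer-only parameters ("id", "auction_id", "category"): anything else is rejected.
function int_param(array $src, string $name): ?int {
    $v = filter_var($src[$name] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// "lan": accept only known values, otherwise fall back to a default.
function lang_param(array $src): string {
    $v = $src['lan'] ?? '';
    $v = is_string($v) ? strtoupper($v) : '';
    return in_array($v, ALLOWED_LANGS, true) ? $v : 'EN';
}

// Encode any request value that is written back into HTML (e.g. "username").
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The value is bound as a parameter, never concatenated into the SQL text.
function find_news(PDO $db, int $id): ?array {
    $st = $db->prepare('SELECT id, title FROM news WHERE id = :id');
    $st->execute([':id' => $id]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database and request so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO news VALUES (1, 'Welcome')");

$request = ['id' => '12abc', 'lan' => '<b>x</b>', 'username' => '<i>bob</i>'];

$id = int_param($request, 'id');
echo $id === null ? "id rejected\n" : print_r(find_news($db, $id), true);
echo 'lan=' . lang_param($request) . "\n";
echo 'username=' . h($request['username']) . "\n";
```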