Description
Two vulnerabilities were reported in phpBB-Auction, which may be exploited by attackers to execute arbitrary SQL commands or disclose the full web path. The first flaw is due to an SQL injection error in the "auction_rating.php" and "auction_offer.php" scripts when handling specially crafted "u" and "ar" parameters. The second vulnerability is due to an input validation error in the "auction_myauctions.php" script when handling a specially crafted "mode" parameter, which may be exploited to display the installation path.
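
One way to look for requests touching the affected parameters in web server access logs, given here as an added example that is not part of the original advisory or of phpBB-Auction. It assumes combined-format log lines, that "u" and "ar" normally carry numeric ids, and that "mode" normally carries a short keyword; the sample lines, addresses and the /phpBB2/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameters named in the advisory.
WATCHED = {
    "auction_rating.php": ("u", "ar"),
    "auction_offer.php": ("u", "ar"),
    "auction_myauctions.php": ("mode",),
}
# Assumption: expected shape of legitimate values (adjust to your install).
EXPECTED = {
    "u": re.compile(r"\d+"),
    "ar": re.compile(r"\d+"),
    "mode": re.compile(r"[A-Za-z_]{1,32}"),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for watched parameters
    whose value does not match the expected shape."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    hits = []
    # parse_qs percent-decodes names and values before we inspect them.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name not in WATCHED.get(script, ()):
            continue
        for value in values:
            if not EXPECTED[name].fullmatch(value):
                hits.append((script, name, value))
    return hits

# Constructed sample input (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /phpBB2/auction_rating.php?u=5&ar=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /phpBB2/auction_offer.php?u=5%27&ar=12 HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Jan/2006:10:00:09 +0000] "GET /phpBB2/auction_myauctions.php?mode=%3F%3F HTTP/1.1" 200 640',
    '192.0.2.13 - - [01/Jan/2006:10:00:12 +0000] "GET /phpBB2/viewtopic.php?u=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_params(line):
            print(hit)
```

Only query-string parameters are inspected; values sent in a POST body do not appear in a standard access log and need application-level or WAF logging instead.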