Description
Two vulnerabilities have been reported in Guru Auction, which can be exploited by malicious people to conduct SQL injection attacks.
1) Input passed via the "cate_id" parameter to subcat.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed via the "item_id" parameter to detail.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are reported in version 2.0. Other versions may also be affected.
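A log check for the two entry points named above, as an added example that is not part of the original advisory or of Guru Auction's code. It assumes both ids are plain integers in legitimate use and that requests appear in a combined-format access log; the function name and the sample log lines are constructed. Values sent in POST bodies do not appear in such logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> parameter pairs named in the advisory.
WATCHED = {"subcat.php": "cate_id", "detail.php": "item_id"}

# Assumption: both ids are plain non-negative integers in legitimate use.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_requests(log_lines):
    """Return (line_no, script, param, value) for each non-integer id."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qs percent-decodes values; keep_blank_values catches "cate_id=".
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not VALID_ID.fullmatch(value):
                hits.append((line_no, script, param, value))
    return hits


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /subcat.php?cate_id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /subcat.php?cate_id=12%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /detail.php?item_id=7+OR+1%3D1 HTTP/1.1" 200 9001',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /detail.php?item_id=7&ref=home HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2024:10:00:15 +0000] "GET /index.php?cate_id=x HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule can be enforced at a reverse proxy or web application firewall in front of a version 2.0 installation.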