CVE-2009-0429

Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:activewebsoftwares:active_bids:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:59

Type Values Removed Values Added
References () http://www.securityfocus.com/archive/1/500144/100/0/threaded - () http://www.securityfocus.com/archive/1/500144/100/0/threaded -
References () http://www.securityfocus.com/bid/33306 - Exploit () http://www.securityfocus.com/bid/33306 - Exploit

Information

Published : 2009-02-05 00:30

Updated : 2024-11-21 00:59


NVD link : CVE-2009-0429

Mitre link : CVE-2009-0429

CVE.ORG link : CVE-2009-0429


JSON object : View

Products Affected

activewebsoftwares

  • active_bids
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')