AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
Max CVSS
7.5
EPSS Score
0.55%
Published
2009-08-13
Updated
2017-09-29
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin/, and possibly other vectors.
Max CVSS
7.5
EPSS Score
0.69%
Published
2009-08-13
Updated
2017-09-29
SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-03-06
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
Max CVSS
4.3
EPSS Score
0.13%
Published
2009-01-28
Updated
2017-09-29
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-01-28
Updated
2017-09-29
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-11-24
Updated
2017-09-29
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-11-24
Updated
2017-09-29
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-11-24
Updated
2017-09-29
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-09-11
Updated
2017-09-29
Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-09-11
Updated
2017-09-29
SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-06-25
Updated
2017-09-29
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-06-03
Updated
2017-09-29
SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
Max CVSS
7.5
EPSS Score
0.82%
Published
2007-03-07
Updated
2017-10-11
SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
Max CVSS
7.5
EPSS Score
84.77%
Published
2007-03-07
Updated
2017-10-11
SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
Max CVSS
7.5
EPSS Score
0.65%
Published
2007-03-07
Updated
2017-10-11
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!