Summary
WeBid is prone to multiple vulnerabilities that attackers can leverage to execute arbitrary PHP code because the application fails to adequately sanitize user-supplied input.
Successful attacks can compromise the affected application and possibly the underlying computer.
WeBid 1.0.2 is vulnerable; other versions may also be affected.
Solution
Updates are available. Please see the references for more information.
*** You should remove the line 'array('from' => 'USD', 'to' => '^@')) print('openvas-c-i-test'//', 'rate' => '')' from includes/currencies.php ***
References
Severity
Classification
CVSS Base Score: 7.5
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P