Description
Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by CyberGhost · textwebappsasp
https://www.exploit-db.com/exploits/3550
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33183
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3550
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1096
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111963341429906&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23110
Various Sources x_refsource_misc
http://echo.or.id/adv/adv21-theday-2005.txt
Scores
EPSS
0.0248
EPSS Percentile
85.4%
Details
Status
published
Products (1)
active_web_softwares/activebuyandsell
6.2
Published
Jun 29, 2005
Tracked Since
Feb 18, 2026