CVE-2005-3937

Softbiz B2b Trading Marketplace Script < 1.1 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

Exploits (5)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/26672

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/26670

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/26669

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/26671

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by AnGrY BoY · textwebappsphp

https://www.exploit-db.com/exploits/10656

View Code ZIP pw:eip

References (7)

[Third Party Advisory] http://pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.html

[Vendor Advisory] http://secunia.com/advisories/17808

[Exploit] http://www.securityfocus.com/bid/15652

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21252

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21253

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21254

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21255

Scores

EPSS 0.0063

EPSS Percentile 70.0%

Classification

Status draft

Affected Products (1)

softbiz/b2b_trading_marketplace_script < 1.1

Timeline

Published Dec 01, 2005

Tracked Since Feb 18, 2026