CVE-2005-3952

PHP Labs Top Auction - SQL Injection

Description

SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: a later disclosure reported the affected version as 1.0.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ajann · perl · webapps · php
https://www.exploit-db.com/exploits/3456

Scores

EPSS 0.0349
EPSS Percentile 87.6%

Details

CWE
CWE-89
Status published
Products (1)
php_labs/top_auction 1.0
Published Dec 01, 2005
Tracked Since Feb 18, 2026