Description
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by InjEctOr5 · textwebappsphp
https://www.exploit-db.com/exploits/5531
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42158
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/50255
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29027
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/50256
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5531
Release Notes x_refsource_confirm
http://freshmeat.net/projects/openauto/releases/277061
Scores
EPSS
0.0062
EPSS Percentile
70.1%
Details
CWE
CWE-89
Status
published
Products (1)
openautoclassifieds/open_auto_classifieds
1.4.3b
Published
Apr 07, 2009
Tracked Since
Feb 18, 2026