CVE-2008-6778

Scripts-for-sites EZ Auction - SQL Injection

Title source: rule

Description

SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · textwebappsphp

https://www.exploit-db.com/exploits/6918

View Code ZIP pw:eip

References (5)

[Exploit] http://osvdb.org/49513

[Vendor Advisory] http://secunia.com/advisories/32528

[Exploit] http://www.securityfocus.com/bid/32036

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46276

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6918

Scores

EPSS 0.0036

EPSS Percentile 57.4%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

scripts-for-sites/ez_auction

Timeline

Published May 01, 2009

Tracked Since Feb 18, 2026