CVE-2008-6966
AJ Square AJ Auction Pro Platinum Skin #1 - Unauthenticated Authentication Bypass via Direct Request
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-6966. PoCs published by G4N0K.
AI-analyzed exploit summary This is a writeup detailing an authentication bypass vulnerability in AJ Auction software. It lists affected versions and paths to exploit the vulnerability, but does not include functional exploit code.
Description
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by G4N0K · textwebappsphp
https://www.exploit-db.com/exploits/7087
This is a writeup detailing an authentication bypass vulnerability in AJ Auction software. It lists affected versions and paths to exploit the vulnerability, but does not include functional exploit code.
Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
AJ Auction (various versions including Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0)
No auth needed
Prerequisites:
Access to the target admin panel URLs
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46528
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7087
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32243
Scores
EPSS
0.0250
EPSS Percentile
82.6%
Details
CWE
CWE-264
Status
published
Products (1)
aj_square/aj_auction
1.0
Published
Aug 13, 2009
Tracked Since
Feb 18, 2026