CVE-2009-4058

Telebid Auction Script - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Hussin X · textwebappsphp
https://www.exploit-db.com/exploits/10165

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/60307
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37417
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54349

Scores

EPSS 0.0018
EPSS Percentile 39.6%

Details

CWE
CWE-89
Status published
Products (1)
telebidauctionscript/telebid_auction_script
Published Nov 24, 2009
Tracked Since Feb 18, 2026