CVE-2010-1855
Phpscripte24 Pay Per Watch & Bid Auktions System - SQL Injection
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Easy Laster · text · webapps · php
https://www.exploit-db.com/exploits/11816
References (8)
Core References
Various Sources x_refsource_misc
http://4004securityproject.wordpress.com/2010/03/20/pay-per-watch-bid-auktions-system-blind-sql-injection-auktion-php-id_auk/
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0670
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39059
Exploit x_refsource_misc
http://packetstormsecurity.org/1003-exploits/ppwb-sql.txt
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38878
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/11816
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57055
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/63131
Scores
EPSS
0.0268
EPSS Percentile
85.9%
Details
CWE
CWE-89
Status
published
Products (1)
phpscripte24/pay_per_watch_\&_bid_auktions_system
Published
May 07, 2010
Tracked Since
Feb 18, 2026