CVEブラウザに戻る

CVE-2006-7005

HIGH

7.5

CVSS Severity Score

EPSS Score0.1570%

EPSS Percentile23.35th

Published2007年2月12日

Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected Platforms (CPE)

📦

Php Script Tools

Psy Auction

All versions

References & Advisories

🔗 http://www.securityfocus.com/bid/17974

🔗 http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt

🔗 http://www.securityfocus.com/bid/17974

🔗 http://www.securityfocus.com/data/vulnerabilities/exploits/PSYAuction-0515-sql-html.txt

関連する脆弱性情報

CVE-2006-70046.8

Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web scrip...

CVE-2006-446110.0

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the pr...

CVE-2006-502510.0

Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack ve...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...