Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ITechBids多个SQL注入漏洞
Vulnerability Description
ITechBids 8.0版本中存在多个SQL注入漏洞。远程攻击者可以借助(1) 对feedback.php的user_id参数, (2)对category.php的cate_id参数, (3) 对news.php的id参数,和(4) 对itechd.php的productid参数,执行任意SQL指令。 NOTE: sellers_othersitem.php, classifieds.php, 和shop.php向量已被CVE-2008-3238覆盖。
CVSS Information
N/A
Vulnerability Type
N/A