vendor:
iTechBids v3 Gold
by:
QTRinux
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: iTechBids v3 Gold
Affected Version From: 3
Affected Version To: 3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
iTechBids v3 Gold Remote SQL injection
A vulnerability exists in iTechBids v3 Gold, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused due to the bidhistory.php script not properly sanitizing user-supplied input to the 'item_id' parameter. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL commands in the context of the webserver process. The vulnerability is confirmed in version 3.0. Other versions may also be affected.
Mitigation:
Input validation should be used to prevent SQL injection attacks.