CVE-2008-2860

Description

SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

Affected products

• aj_square / aj_auctionweb_2.0 – web_2.0

References

• MISChttp://www.securityfocus.com/bid/29839
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43218
• EXPLOIThttps://www.exploit-db.com/exploits/5867