CVE-2008-5212

Description

SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

Affected products

• aj_square / aj_auction6.2.1
• aj_square / aj_auction1.0 – 1.0
• aj_square / aj_auctionweb_2.0 – web_2.0
• aj_square / aj_auctionweb_2.0 – web_2.0

References

• EXPLOIThttps://www.exploit-db.com/exploits/5591
• MISChttp://securityreason.com/securityalert/4627
• MISChttp://www.securityfocus.com/bid/29150
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/42328