CVE-2005-3952

critical

Description

SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.

References

https://www.exploit-db.com/exploits/3456

http://www.vupen.com/english/advisories/2005/2552

http://www.securityfocus.com/bid/15547

http://www.securityfocus.com/archive/1/466569/100/200/threaded

http://www.securityfocus.com/archive/1/466565/100/200/threaded

http://www.osvdb.org/21106

http://www.osvdb.org/21105

http://secunia.com/advisories/17687

http://pridels0.blogspot.com/2005/11/top-auction-multiple-sql-vuln.html

Details

Source: Mitre, NVD

Published: 2005-12-01

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.06931