Every CVE whose affected-product data names Webidsupport Webid, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2020-23359 — CVSS 9.8 (critical): WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the…
CVE-2022-41477 — CVSS 9.1 (critical): A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows…
CVE-2018-1000867 — CVSS 8.8 (high): WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in…
CVE-2024-32166 — CVSS 8.8 (high): Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now…
CVE-2008-7119 — CVSS 7.5 (high): SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id…
CVE-2014-5114 — CVSS 7.5 (high): WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
CVE-2008-7116 — CVSS 7.5 (high): SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL…
CVE-2018-1000882 — CVSS 7.5 (high): WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image…
CVE-2018-1000868 — CVSS 6.1 (medium): WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can…
CVE-2019-11592 — CVSS 6.1 (medium): WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or…
CVE-2011-3815 — CVSS 5.0 (medium): WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation…
CVE-2008-7118 — CVSS 5.0 (medium): WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers…
CVE-2008-7117 — CVSS 5.0 (medium): eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain…
CVE-2010-4873 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML…
CVE-2014-5101 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the…