WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.
The vulnerability results from the lack of proper validation and sanitization of input data passed to SQL queries in the admin/tax.php file. An attacker can inject malicious SQL code directly over the network without needing any privileges or user interaction. This allows manipulation of the logic of database queries in the application.
An attacker can gain unauthorized access to sensitive data stored in the database, modify or delete data, and in favorable circumstances take full control of the application and database server.
Apply patches available from the vendor according to the references. Additionally, it is recommended to restrict access to the admin panel (admin/ directory) exclusively to trusted IP addresses at the firewall or web server configuration level.
WeBid version 1.1.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWebidsupport Webid
APPWebidsupport1.1.2
Related vulnerabilities
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the ad...
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loos...
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, al...
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php...