CRITICAL🇵🇱 Wersja polska

CVE-2024-35409

CVSS 9.8v3.1pub. 2024-05-22upd. 2025-05-28

WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.

🤖 AI Analysis
How it works

The vulnerability results from the lack of proper validation and sanitization of input data passed to SQL queries in the admin/tax.php file. An attacker can inject malicious SQL code directly over the network without needing any privileges or user interaction. This allows manipulation of the logic of database queries in the application.

Impact

An attacker can gain unauthorized access to sensitive data stored in the database, modify or delete data, and in favorable circumstances take full control of the application and database server.

Mitigation & patch

Apply patches available from the vendor according to the references. Additionally, it is recommended to restrict access to the admin panel (admin/ directory) exclusively to trusted IP addresses at the firewall or web server configuration level.

Who is affected

WeBid version 1.1.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Webidsupport Webid

    APP
    Webidsupport
    1.1.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-47397CRITICAL9.8ten sam produkt

WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.

CVE-2022-41477CRITICAL9.1ten sam produkt

A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the ad...

CVE-2020-23359CRITICAL9.8ten sam produkt

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loos...

CVE-2024-32166HIGH8.8ten sam produkt

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, al...

CVE-2018-1000867HIGH8.8ten sam produkt

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php...