CNNVD-202508-1452 Information

CNNVD ID

CNNVD-202508-1452

Related CVE

CVE-2011-10011

• CNNVD Published: 2025-08-13

Description (Chinese)

Sourceforge WeBid是Sourceforge开源的一个用于在线拍卖和销售产品的开源网站项目。 Sourceforge WeBid 1.0.2版本存在安全漏洞，该漏洞源于converter.php脚本未清理POST请求中to参数，可能导致远程代码执行。

Description (English)

Sourceforge WeBid is an open-source project for online auctions and sales of products. The security gap in version 1.0.2 of SourceForgeWeBid originated from the failure of the converter.php script to clear the parameters in the POST request, which could lead to remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sourceforge

Published

2025-08-13

Last Modified

2026-02-24

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/ https://sourceforge.net/projects/simpleauction/ http://www.webidsupport.com/forums/showthread.php?3892 https://web.archive.org/web/20121024110058/ https://www.exploit-db.com/exploits/17487 https://www.exploit-db.com/exploits/18934 https://www.vulncheck.com/advisories/webid-remote-php-code-injection