CVE-2005-3937 Information

Description

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php (2) buyoffers.php (3) products.php or (4) profiles.php.

Reference

http://pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.html http://secunia.com/advisories/17808 http://www.osvdb.org/21252 http://www.osvdb.org/21253 http://www.osvdb.org/21254 http://www.osvdb.org/21255 http://www.securityfocus.com/bid/15652