Intrusion Prevention

PHP.Labs.Top.Auction.SQL.Injection

Description

PHP Labs' Top Auction has a SQL injection vulnerability. A remote attacker could execute arbitrary SQL commands in the back-end database via a specially crafted HTTP request to the "viewcat.php" script, by injecting SQL statements in the "category" or "type" parameter.

Affected Products

PHP Labs Top Auction
PHP Labs Survey Wizard

Impact

SQL injection.

Recommended Actions

We are currently not aware of any officially supplied fix for this issue.
http://www.phplabs.com/
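
With no vendor fix available, one compensating check is to review web-server access logs for viewcat.php requests whose "category" or "type" value is not a plain token. The following Python is an added example, not code from the vendor or from this advisory; the log lines are constructed, and the allowlist of letters, digits, "_" and "-" is an assumption about what legitimate values look like.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate "category"/"type" values are short plain tokens.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{0,64}")
WATCHED_PARAMS = {"category", "type"}
# Request line as it appears in common/combined access-log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return (param, decoded value) pairs failing the allowlist on viewcat.php."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/viewcat.php"):
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded quotes and spaces are checked in clear form.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in WATCHED_PARAMS and not SAFE_VALUE.fullmatch(value):
            hits.append((name, value))
    return hits

def scan_log(lines):
    """Return (line number, client address, findings) for each flagged log line."""
    results = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = suspicious_params(match.group(1))
        if findings:
            results.append((number, line.split(" ", 1)[0], findings))
    return results

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /auction/viewcat.php?category=12&type=buynow HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /auction/viewcat.php?category=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /auction/viewcat.php?category=3&TYPE=1%20UNION%20SELECT%201 HTTP/1.1" 500 310',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /auction/index.php?category=a%27b HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, client, findings in scan_log(SAMPLE_LOG):
        print(f"line {number}: {client} -> {findings}")
```

Access logs record only the query string, so parameters sent in a POST body need the same check at a reverse proxy or in the application.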

CVE References

CVE-2005-3952