webidsupport webid

18 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-35409
all versions
WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.
9.8 CRITICAL
CVE-2024-32166
all versions
WeBid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to
8.8 HIGH
CVE-2023-47397
<= 1.2.2
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.
9.8 CRITICAL
CVE-2022-41477
<= 1.2.2
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file a
9.1 CRITICAL
CVE-2020-23359
all versions
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to chec
9.8 CRITICAL
CVE-2019-11592
all versions
WeBid 1.2.2 has reflected XSS via the id parameter to admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php,
6.1 MEDIUM
CVE-2018-1000882
<= 1.2.2
WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrar
7.5 HIGH
CVE-2018-1000868
<= 1.2.2
WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that
6.1 MEDIUM
CVE-2018-1000867
<= 1.2.2
WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in all five yourauctions*.php scripts that can re
8.8 HIGH
CVE-2014-5114
all versions
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
CVE-2014-5101
all versions
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML v
CVE-2010-4873
all versions
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script o
CVE-2011-3815
all versions
WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the install
CVE-2008-7119
all versions
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands vi
CVE-2008-7118
all versions
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote a
CVE-2008-7117
all versions
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a ce
CVE-2008-7116
all versions
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary
CVE-2008-1470
all versions
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows re