Itech Auction Script 6.49 /mcategory.php mcid Blind sql injection

A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). The CWE definition for the vulnerability is CWE-89. The weakness was released 01/30/2017 as ID 96261 as Entry (VulDB). The advisory is shared at vuldb.com. This vulnerability is uniquely identified as CVE-2017-20138. It is possible to initiate the attack remotely. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1505 for this issue. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field11/11/2022 07:5111/11/2022 07:5711/11/2022 08:02
vendorItechItechItech
nameAuction ScriptAuction ScriptAuction Script
version6.496.496.49
file/mcategory.php/mcategory.php/mcategory.php
argumentmcidmcidmcid
input_value4' AND 1734=1734 AND 'Ggks'='Ggks4' AND 1734=1734 AND 'Ggks'='Ggks4' AND 1734=1734 AND 'Ggks'='Ggks
risk222
cvss2_vuldb_basescore6.06.06.0
cvss2_vuldb_tempscore5.45.45.4
cvss2_vuldb_avNNN
cvss2_vuldb_acMMM
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore6.37.57.5
cvss3_meta_tempscore5.87.37.3
cvss3_vuldb_basescore6.36.36.3
cvss3_vuldb_tempscore5.85.85.8
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
titlewordBlindBlindBlind
date1485734400 (01/30/2017)1485734400 (01/30/2017)1485734400 (01/30/2017)
locationVulDBVulDBVulDB
typeEntryEntryEntry
urlhttps://vuldb.com/?id.96261https://vuldb.com/?id.96261https://vuldb.com/?id.96261
identifierID 96261ID 96261ID 96261
price_0day$0-$5k$0-$5k$0-$5k
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlUUU
cvss2_vuldb_rcUCUCUC
cvss3_vuldb_eXXX
cvss3_vuldb_rlUUU
cvss3_vuldb_rcUUU
cvss2_vuldb_auSSS
cvss3_vuldb_prLLL
typeAuction SoftwareAuction SoftwareAuction Software
cwe89 (sql injection)89 (sql injection)89 (sql injection)
cveCVE-2017-20138CVE-2017-20138CVE-2017-20138
responsibleVulDBVulDBVulDB
cve_assigned1656367200 (06/28/2022)1656367200 (06/28/2022)1656367200 (06/28/2022)
cve_nvd_summaryA vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). It is possible to initiate the attack remotely.A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). It is possible to initiate the attack remotely.A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). It is possible to initiate the attack remotely.
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciPP
cvss2_nvd_iiPP
cvss2_nvd_aiPP
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prLL
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cLL
cvss3_cna_iLL
cvss3_cna_aLL
cve_cnaVulDBVulDB
cvss2_nvd_basescore7.57.5
cvss3_nvd_basescore9.89.8
cvss3_cna_basescore6.36.3

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!