Category:   Application (Generic)  >   webAuction Vendors:
webAuction Lets Remote Users Delete Auction Items
SecurityTracker Alert ID:  1010511
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 17 2004
Impact:   Modification of user information

Version(s): 2_1
Description:   Some vulnerabilities were reported in webAuction. A remote authenticated user can delete items on the auction site.

Philipp Krammer reported that some of the pages allow users to delete items regardless of the user's privileges. The report implied that other problems may also exist.

Impact:   A remote authenticated user can delete auction items.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  webauction

While doing security reviews for a client, I found code originating from (v2_1) to be severely lacking, e.g. several parts
(del, del_views) allow deletion of items regardless of userid.
The software seems to be unmaintained by now (no response/updates), but being
made aware of other people using their code, it's probably better for this to be

Philipp Krammer

