http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-357

phpbb-Auction存在多个SQL注入漏洞。远程攻击者可以通过(1)auction_rating.php的u参数或(2)action_offer.php的ar参数，执行任意SQL命令。

来源:SECUNIA
名称:15029
链接:http://secunia.com/advisories/15029
来源:XF
名称:phpbb-auction-sql-injection(20203)
链接:http://xforce.iss.net/xforce/xfdb/20203
来源:MISC
链接:http://www.snkenjoi.com/secadv/secadv9.txt
来源:BID
名称:13284
链接:http://www.securityfocus.com/bid/13284
来源:BID
名称:13283
链接:http://www.securityfocus.com/bid/13283
来源:www.phpbb-auction.com
链接:http://www.phpbb-auction.com/sutra5600.html
来源:OSVDB
名称:15705
链接:http://www.osvdb.org/15705
来源:OSVDB
名称:15704
链接:http://www.osvdb.org/15704
来源:SECTRACK
名称:1013779
链接:http://securitytracker.com/id?1013779
来源:BUGTRAQ
名称:20060725PHP-AuctionSQLinjection
链接:http://www.securityfocus.com/archive/1/archive/1/441190/100/0/threaded
来源:MISC
链接:http://www.aria-security.net/advisory/phpauction.txt