GCVE - cpe:2.3:a:activewebsoftwares:active_bids:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:activewebsoftwares:active_bids:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Activewebsoftwares (`f11ca31e-af82-5131-8708-9194844b8974`)
Product	Active Bids (`bc3e405a-f559-5edf-87d5-f58e9b75ad38`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-4229`	vulnerable	2026-06-03 14:29:56.896355	Details available Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2009-12-08T19:00:00.000Z Updated: 2024-08-07T06:54:10.163Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/37047 https://exchange.xforce.ibmcloud.com/vulnerabilities/54486	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-0430`	vulnerable	2026-06-03 14:29:24.152008	Details available Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp. Published: 2009-02-05T00:00:00.000Z Updated: 2024-08-07T04:31:26.375Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/500144/100/0/threaded http://www.securityfocus.com/bid/33306	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-0429`	vulnerable	2026-06-03 14:29:24.151654	Details available Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php. Published: 2009-02-05T00:00:00.000Z Updated: 2024-08-07T04:31:26.214Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/500144/100/0/threaded http://www.securityfocus.com/bid/33306	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.