CVE-2005-2259

The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.

Published: Jul 13, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2259
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
usanet_creations / makebid_auction_standard	-	-
usanet_creations / makebid_reverse_auction	-	-
usanet_creations / makebid_auction_deluxe	3.30	3.30.x
usanet_creations / standard_classified_ads	-	-
usanet_creations / usanet_shopping_mall	-	-
usanet_creations / domain_name_auction	-	-
usanet_creations / makebid_auction_deluxe	-	-

http://secunia.com/advisories/15985
http://securitytracker.com/id?1014411
http://www.securityfocus.com/bid/14179

Vulnerability Database

290,206

CVE-2005-2259