PT-2002-2001 · Phpauction · Phpauction

Published: 2002-10-04 · Updated: 2008-09-05 · CVE-2002-0995

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: PHPAuction (affected versions not specified)
Description: The issue allows remote attackers to gain privileges by calling "login.php" directly with the action parameter set to "insert"; that action adds the provided username to the adminUsers table.
Recommendations: Until a proper fix is in place, restrict access to the "login.php" endpoint when the action parameter is set to "insert". As a temporary workaround, disable the ability to add users to the adminUsers table through "login.php" to reduce the risk of exploitation.
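A defender monitoring a PHPAuction installation will want to know whether this call has been made against their server. The following added detection script (not part of the original advisory or of PHPAuction) scans web server access logs in the common "combined" format, an assumed format, for requests to login.php whose query string sets action=insert; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access log format (assumption: this is the format in use).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def is_admin_insert_request(line):
    """Return (ip, timestamp, status) when the line is a request to login.php
    with action=insert in its query string, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a parseable combined-format line
    parts = urlsplit(m.group("target"))
    if parts.path.rsplit("/", 1)[-1].lower() != "login.php":
        return None
    # parse_qs percent-decodes keys and values, so encoded variants are caught too.
    params = parse_qs(parts.query)
    if any(v.lower() == "insert" for v in params.get("action", [])):
        return (m.group("ip"), m.group("ts"), int(m.group("status")))
    return None


def scan_log(lines):
    """Return every matching request as a (ip, timestamp, status) tuple."""
    return [hit for hit in map(is_admin_insert_request, lines) if hit]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Oct/2002:10:12:31 +0000] "GET /auction/login.php?action=insert HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.4 - - [04/Oct/2002:10:13:02 +0000] "GET /auction/login.php?action=login HTTP/1.0" 200 881 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [04/Oct/2002:10:14:40 +0000] "GET /auction/index.php HTTP/1.0" 200 2048 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [04/Oct/2002:10:15:05 +0000] "POST /auction/login.php?action=INSERT HTTP/1.0" 302 0 "-" "curl/7.9"',
]

if __name__ == "__main__":
    for ip, ts, status in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} login.php action=insert -> HTTP {status}")
```

Access logs record only the query string, so a POST that carries action=insert in the request body is invisible to this check; catching that needs request-body logging or a WAF rule in front of login.php.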

Exploit

Fix


Related identifiers

CVE-2002-0995

Affected products

Phpauction