CVE-2005-2252

Name of the Vulnerable Software and Affected Versions: PhpAuction version 2.5

Description: The issue allows remote attackers to bypass authentication and gain privileges as another user. This is achieved by setting the PHPAUCTION RM ID cookie to the user id.

Recommendations: For PhpAuction version 2.5, update the authentication mechanism to properly validate the PHPAUCTION RM ID cookie and ensure it cannot be manipulated to gain unauthorized access. As a temporary workaround, consider implementing additional validation checks on the user id parameter to minimize the risk of exploitation.