CVE-2013-7193

Name of the Vulnerable Software and Affected Versions C2C Forward Auction Creator version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the pa parameter to the "auction/asp/list.asp" API endpoint, or the UserID or Password parameters to the "auction/casp/admin.asp" API endpoint.

Recommendations For version 2.0, update the software to prevent SQL injection attacks, specifically by validating and sanitizing user input for the pa parameter in "auction/asp/list.asp" and the UserID and Password parameters in "auction/casp/admin.asp". As a temporary workaround, consider restricting access to these API endpoints until a patch is available.