Nils Stünkel

Researcher from Telekom Security
#19384 of 53,633
13.6 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2018-9590 · CVSS 6.1 · 2018-12-20
Webid · Webid · CVE-2018-1000868
Name of the Vulnerable Software and Affected Versions: WeBid versions up to 1.2.2
Description: A Cross-Site Scripting (XSS) vulnerability in files such as `user_login.php` and `register.php` allows JavaScript execution in the user's browser and injection of malicious markup into the page. It can be exploited when a victim user clicks a malicious link.
Recommendations: For WeBid versions up to 1.2.2, update to a version that includes the fix committed after 256a5f9d3eafbc477dcf77c7682446cc4b449c7f to resolve the issue. As a temporary workaround, consider avoiding clicks on suspicious links to minimize the risk of exploitation.

PT-2018-9598 · CVSS 7.5 · 2018-12-20
Webid · Webid · CVE-2018-1000882
Name of the Vulnerable Software and Affected Versions: WeBid versions up to 1.2.2
Description: A Directory Traversal vulnerability in the `getthumb.php` file can lead to Arbitrary Image File Read. It can be exploited via an HTTP GET request.
Recommendations: For WeBid versions up to 1.2.2, update to a version that includes the fix committed after 256a5f9d3eafbc477dcf77c7682446cc4b449c7f to resolve the issue. As a temporary workaround, consider restricting access to the `getthumb.php` file until the update is applied.