CVE-2018-1000867

Name of the Vulnerable Software and Affected Versions: WeBid versions up to 1.2.2

Description: The issue is related to a SQL Injection vulnerability in the All five yourauctions*.php scripts, which can result in Database Read via Blind SQL Injection. This attack appears to be exploitable via HTTP Request.

Recommendations: For WeBid versions up to 1.2.2, update to a version that includes the fix committed after 256a5f9d3eafbc477dcf77c7682446cc4b449c7f to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable yourauctions*.php scripts until a patch is available.