Donate Telegram

CVE-2005-3937

NONE EPSS 0.63%

Dec 01, 2005

Updated Apr 03, 2026

Softbiz

Parameter	Value
Affected Versions	before 1.1
Vendor	Softbiz
Public PoC	No

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Softbiz B2b_Trading_Marketplace_Script cpe:2.3:a:softbiz:b2b_trading_marketplace_script::::::::	—	`<= 1.1`

References 7

http://pridels0.blogspot.com/2005/11/softbiz-b2b-trading-marketplace-script.html

http://secunia.com/advisories/17808

http://www.osvdb.org/21252

http://www.osvdb.org/21253

http://www.osvdb.org/21254

http://www.osvdb.org/21255

http://www.securityfocus.com/bid/15652

Share Post Share Share Share

Related Vulnerabilities

CVE-2009-2790

Softbiz

CVE-2008-3511

Softbiz

CVE-2008-2087

Softbiz

CVE-2008-1050

Softbiz

CVE-2007-6124

Softbiz

CVE Details

CVE ID

CVE-2005-3937

Published Date

Dec 01, 2005

Vendor

Softbiz

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.63%

Likelihood of exploitation in next 30 days

Percentile: 70.3th percentile (higher than 70.3% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice