CVE-2005-3937

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

cvss

common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.

epss 0.0063

exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.

kev no

cisa known exploited vulnerabilities catalog. confirmed active exploitation.

exploitation detection attribution advisories media timeline

activity density

rdintel assessment

public exploit available. prioritize patching.

composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.

exploitation

actively exploited

Vendor - Product Name

Apply vendor-provided patches

poc repositories (3)

researcher/exploit-poc - 42 stars - Python

security-lab/cve-checker - 18 stars - Go

detection

nuclei-template-id - critical - by projectdiscovery

sigma-rule-title - high - windows

timeline

2024-01-15 - published - CVE record created

2024-01-18 - poc - First exploit code published

2024-01-20 - kev - Added to known exploited

pocs, detection rules, timeline, advisories, and more