7.8 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.5%
Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName (“Title” field), (2) url, and (3) Description parameters, possibly related to issues in add1.php.
CPE | Name | Operator | Version |
---|---|---|---|
deltascripts:php_classifieds | deltascripts php classifieds | eq | 6.04 |
secunia.com/advisories/20880
securityreason.com/securityalert/1179
securitytracker.com/id?1016407
www.securityfocus.com/archive/1/438667/100/0/threaded
www.securityfocus.com/bid/18713
www.securityfocus.com/bid/18717
www.vupen.com/english/advisories/2006/2589
exchange.xforce.ibmcloud.com/vulnerabilities/27454