Lucene search

Advanced Real Estate Script Security Vulnerabilities

cve

CVE-2017-17603

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

9.8CVSS

9.9AI Score

0.002EPSS

2017-12-13 09:29 AM

cve

CVE-2018-15187

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.

8CVSS

7.9AI Score

0.001EPSS

2018-08-10 03:29 PM

cve

CVE-2018-15188

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.

6.5CVSS

6.5AI Score

0.001EPSS

2018-08-10 03:29 PM

cve

CVE-2018-15189

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.

5.4CVSS

5.3AI Score

0.001EPSS

2018-08-10 03:29 PM

cve

CVE-2018-5072

Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2018-5073

Online Ticket Booking has CSRF via admin/movieedit.php.

6.8CVSS

6.7AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2018-5074

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2018-5075

Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2018-5076

Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2018-5077

Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2018-5078

Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2019-20336

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.

6.1CVSS

6.3AI Score

0.001EPSS

2020-01-05 10:15 PM

cve

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.

7.2CVSS

7.2AI Score

0.001EPSS

2020-01-05 10:15 PM