9 matches found
FS Gigs Script SQL Injection Vulnerability
FS Gigs Script is an online free market creation software based on PHP and MySQL. A SQL injection vulnerability exists in FS Gigs Script version 1.0. A remote attacker can inject SQL commands by sending the 'sc' parameter to the browse-category.php file or the 'ser' parameter to the...
FS Thumbtack Clone SQL Injection Vulnerability
FS Thumbtack Clone is a suite of e-commerce web scripts based on PHP and MySQL. A SQL injection vulnerability exists in FS Thumbtack Clone version 1.0. A remote attacker can exploit this injected SQL command by sending the 'cat' parameter to the browse-category.php file or the 'sc' parameter to t...
CVE-2017-17589
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter...
CVE-2017-17576
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter...
Sql injection
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter...
CVE-2017-17589
FS Thumbtack Clone 1.0 contains a SQL Injection vulnerability in browse-category.php (cat parameter) and browse-scategory.php (sc parameter). The root cause is improper input handling allowing an attacker to inject arbitrary SQL commands. Exploitation is evidenced by published PoC/exploit referen...
CVE-2017-17589
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter...
FS Gigs Script 1.0 - 'cat' / 'sc' SQL Injection
Exploit Title: FS Gigs Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/gigs-script/ Demo: http://gigs.demonstration.co.in/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the gamename parameter in tellafriend.php, 2 the loginstatus parameter in loginbox.php, 3 the submissionstatus parameter in index.php, the 4...