CVE-2017-17926

PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...

CVE-2017-17929

PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter...

CVE-2017-17930

PHP Scripts Mall Professional Service Script has CSRF via admin/generalsettingupd.php, as demonstrated by modifying a setting in the user panel...

CVE-2017-17931

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter...

CVE-2017-17928

PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter...

CVE-2017-17924

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/reviewuserwise.php...

CVE-2017-17926

CVE-2017-17926 concerns the PHP Scripts Mall Professional Service Script, where a predictable registration URL enables remote attackers to create accounts using invalid or spoofed email addresses. The description across multiple connected documents consistently identifies the vulnerability as a p...

CVE-2017-17930

The affected software is PHP Scripts Mall Professional Service Script. It contains a Cross-Site Request Forgery (CSRF) vulnerability exploitable via admin/general_settingupd.php, demonstrated by changing a setting in the user panel. The root cause and specific impact details are described across ...

CVE-2017-17929

The CVE concerns PHP Scripts Mall Professional Service Script. Affected component: admin/bannerview.php with the view parameter vulnerable to XSS. This is described across multiple sources as a cross-site scripting vulnerability in the Professional Service Script, enabling script execution via th...

CVE-2017-17928

The CVE-2017-17928 entry concerns PHP Scripts Mall Professional Service Script. It describes an SQL injection vulnerability in the admin/review.php endpoint triggered via the id parameter, allowing an attacker to manipulate queries. Connected CNVD/NVD records corroborate a SQL injection vulnerabi...

CVE-2017-17925

Summary: CVE-2017-17925 affects the PHP Scripts Mall Professional Service Script. The vulnerability is an XSS flaw in the admin/general_settingupd.php endpoint, specifically via the website_title parameter. This is documented across multiple sources (NVD and CNVD entries) as a cross-site scriptin...

CVE-2017-17924

The CVE-2017-17924 vulnerability affects PHP Scripts Mall Professional Service Script, enabling information disclosure: remote attackers can obtain sensitive full-path information via the id parameter in admin/review_userwise.php. Root cause is improper handling of the id parameter, leading to ex...

CVE-2017-17927

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATHINFO to service-list/category/...

CVE-2017-17925

PHP Scripts Mall Professional Service Script has XSS via the admin/generalsettingupd.php websitetitle parameter...

PHP Scripts Mall Responsive Realestate Script Cross-Site Scripting Vulnerability

Responsive Realestate Script is a script for building real estate websites. A cross-site scripting vulnerability exists in PHP Scripts Mall Responsive Realestate Script. A remote attacker can inject arbitrary web script or HTML by sending the 'gplus' parameter to the admin/general.php file...

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php...

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter...

CVE-2017-17908

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general...

CVE-2017-17909

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter...

CVE-2017-17906

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter...