Cross site request forgery (csrf)

PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php...

CVE-2017-17956

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter...

CVE-2017-17956

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter...

CVE-2017-17952

The CVE-2017-17952 entry concerns PHP Scripts Mall PHP Multivendor Ecommerce, where a predicable registration URL enables remote attackers to complete registrations using invalid or spoofed email addresses. Connected sources (Red Hat, CNVD, CNVD CNVD-2018, PRION, CVE lists, etc.) corroborate the ...

CVE-2017-17954

The vulnerability concerns PHP Scripts Mall PHP Multivendor Ecommerce. A cross-site scripting (XSS) flaw exists in the seller-view.php usid parameter. The available documents identify the affected software and the vulnerable parameter but do not provide details on root-cause specifics beyond XSS,...

CVE-2017-17959

The CVE-2017-17959 vulnerability affects PHP Scripts Mall PHP Multivendor Ecommerce and is caused by a SQL Injection in the seller-view.php usid parameter. The issue has publicly reported impact metrics: CVSS v2 base score 7.5 (HIGH) with network attack vector, low complexity, and partial confide...

CVE-2017-17952

PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...

CVE-2017-17951

The CVE-2017-17951 entry concerns PHP Scripts Mall PHP Multivendor Ecommerce, with a documented SQL Injection vulnerability in the shopping-cart.php cusid parameter. The issue is a SQL injection in the cart flow likely due to improper handling of the cusid input in SQL queries (root cause: unsafe...

CVE-2017-17940

PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php...

Sql injection

PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter...

Design/Logic Flaw

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter...

CVE-2017-17938

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter...

CVE-2017-17939

PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php...

CVE-2017-17941

PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter...

CVE-2017-17938

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter...

CVE-2017-17940

PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php...

CVE-2017-17939

The CVE-2017-17939 entry relates to PHP Scripts Mall Single Theater Booking and describes a Cross-Site Request Forgery (CSRF) vulnerability in the admin/sitesettings.php page. The affected software/component is PHP Scripts Mall Single Theater Booking; the underlying issue is CSRF that allows an a...

PHP Scripts Mall Professional Service Script Information Disclosure Vulnerability

Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. An information disclosure vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit the vulnerability by sending PATHINFO via a speciall...

PHP Scripts Mall Professional Service Script Predictable Registration URL Vulnerability

Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A predictable registration URL vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker could exploit this vulnerability to register with an invali...

PHP Scripts Mall Single Theater Booking Cross-Site Scripting Vulnerability

PHP Scripts Mall Single Theater Booking is an open source theater script. A cross-site scripting vulnerability exists in PHP Scripts Mall Single Theater Booking. A remote attacker can inject arbitrary web script or HTML by sending the 'theaterid' parameter to the admin/viewtheatre.php file...