PHP Scripts Mall Single Theater Booking Cross-Site Scripting Vulnerability (CNVD-2018-00498)

PHP Scripts Mall Single Theater Booking is an open source theater script. A cross-site scripting vulnerability exists in PHP Scripts Mall Single Theater Booking. A remote attacker can inject arbitrary web script or HTML by sending the 'title' parameter to the admin/sitesettings.php file...

PHP Scripts Mall Professional Service Script Cross-Site Scripting Vulnerability (CNVD-2018-00494)

Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A cross-site scripting vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit this vulnerability via the admin/generalsettingupd.php...

CVE-2017-17925

PHP Scripts Mall Professional Service Script has XSS via the admin/generalsettingupd.php websitetitle parameter...

CVE-2017-17926

PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...

CVE-2017-17924

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/reviewuserwise.php...

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php...

CVE-2017-17931

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter...

CVE-2017-17929

PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter...

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter...

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php...

CVE-2017-17928

PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter...

CVE-2017-17906

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter...

CVE-2017-17908

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general...

CVE-2017-17927

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATHINFO to service-list/category/...

CVE-2017-17930

PHP Scripts Mall Professional Service Script has CSRF via admin/generalsettingupd.php, as demonstrated by modifying a setting in the user panel...

CVE-2017-17908

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general...

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter...

Sql injection

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter...

Code injection

PHP Scripts Mall Professional Service Script has XSS via the admin/generalsettingupd.php websitetitle parameter...

Sql injection

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter...