PHP Scripts Mall Professional Service Script Predictable Registration URL Vulnerability

Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A predictable registration URL vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker could exploit this vulnerability to register with an invali...

PHP Scripts Mall Single Theater Booking Cross-Site Scripting Vulnerability (CNVD-2018-00498)

PHP Scripts Mall Single Theater Booking is an open source theater script. A cross-site scripting vulnerability exists in PHP Scripts Mall Single Theater Booking. A remote attacker can inject arbitrary web script or HTML by sending the 'title' parameter to the admin/sitesettings.php file...

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter...

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter...

CVE-2017-17906

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter...

CVE-2017-17925

PHP Scripts Mall Professional Service Script has XSS via the admin/generalsettingupd.php websitetitle parameter...

CVE-2017-17927

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATHINFO to service-list/category/...

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php...

CVE-2017-17926

PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...

CVE-2017-17924

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/reviewuserwise.php...

CVE-2017-17928

PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter...

CVE-2017-17929

PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter...

CVE-2017-17931

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter...

CVE-2017-17930

PHP Scripts Mall Professional Service Script has CSRF via admin/generalsettingupd.php, as demonstrated by modifying a setting in the user panel...

CVE-2017-17908

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general...

CVE-2017-17908

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general...

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php...

Code injection

PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...

Cross site request forgery (csrf)

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general...

Code injection

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter...