1161 matches found
Cross site request forgery (csrf)
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php...
Sql injection
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter...
Code injection
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter...
Cross site request forgery (csrf)
PHP Scripts Mall Professional Service Script has CSRF via admin/generalsettingupd.php, as demonstrated by modifying a setting in the user panel...
Sql injection
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter...
Design/Logic Flaw
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter...
Code injection
PHP Scripts Mall Professional Service Script has XSS via the admin/generalsettingupd.php websitetitle parameter...
Sql injection
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter...
CVE-2017-17926
PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address...
CVE-2017-17930
PHP Scripts Mall Professional Service Script has CSRF via admin/generalsettingupd.php, as demonstrated by modifying a setting in the user panel...
CVE-2017-17928
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter...
CVE-2017-17924
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/reviewuserwise.php...
CVE-2017-17926
CVE-2017-17926 concerns the PHP Scripts Mall Professional Service Script, where a predictable registration URL enables remote attackers to create accounts using invalid or spoofed email addresses. The description across multiple connected documents consistently identifies the vulnerability as a p...
CVE-2017-17927
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATHINFO to service-list/category/...
CVE-2017-17931
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter...
CVE-2017-17925
PHP Scripts Mall Professional Service Script has XSS via the admin/generalsettingupd.php websitetitle parameter...
CVE-2017-17929
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter...
CVE-2017-17930
The affected software is PHP Scripts Mall Professional Service Script. It contains a Cross-Site Request Forgery (CSRF) vulnerability exploitable via admin/general_settingupd.php, demonstrated by changing a setting in the user panel. The root cause and specific impact details are described across ...
CVE-2017-17929
The CVE concerns PHP Scripts Mall Professional Service Script. Affected component: admin/bannerview.php with the view parameter vulnerable to XSS. This is described across multiple sources as a cross-site scripting vulnerability in the Professional Service Script, enabling script execution via th...
CVE-2017-17928
The CVE-2017-17928 entry concerns PHP Scripts Mall Professional Service Script. It describes an SQL injection vulnerability in the admin/review.php endpoint triggered via the id parameter, allowing an attacker to manipulate queries. Connected CNVD/NVD records corroborate a SQL injection vulnerabi...