CVE-2017-17925

Summary: CVE-2017-17925 affects the PHP Scripts Mall Professional Service Script. The vulnerability is an XSS flaw in the admin/general_settingupd.php endpoint, specifically via the website_title parameter. This is documented across multiple sources (NVD and CNVD entries) as a cross-site scriptin...

CVE-2017-17924

The CVE-2017-17924 vulnerability affects PHP Scripts Mall Professional Service Script, enabling information disclosure: remote attackers can obtain sensitive full-path information via the id parameter in admin/review_userwise.php. Root cause is improper handling of the id parameter, leading to ex...

PHP Scripts Mall Responsive Realestate Script Cross-Site Scripting Vulnerability

Responsive Realestate Script is a script for building real estate websites. A cross-site scripting vulnerability exists in PHP Scripts Mall Responsive Realestate Script. A remote attacker can inject arbitrary web script or HTML by sending the 'gplus' parameter to the admin/general.php file...

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php...

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter...

CVE-2017-17908

PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general...

CVE-2017-17909

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter...

CVE-2017-17906

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter...

CVE-2017-17907

CVE-2017-17907 affects PHP Scripts Mall Car Rental Script and is an XSS vulnerability exploitable via the admin/areaedit.php?carid parameter or admin/sitesettings.php?websitename parameter. Public records describe reflected/stored XSS vectors in these parameters, enabling injecting HTML/JS conten...

CVE-2017-17906

PHP Scripts Mall Car Rental Script suffers an SQL Injection vulnerability in the admin/carlistedit.php carid parameter. The issue allows backend database manipulation, with high impact on confidentiality, integrity, and availability (CVSS v3.0 9.8). No remediation details are provided in the supp...

PHP Scripts Mall Readymade Video Sharing Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Readymade Video Sharing Script is a set of PHP based online video sharing website scripts by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Readymade Video Sharing Script. A remote attacker can send a 'search' parameter to the...

PHP Scripts Mall Readymade Job Site Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site scripting vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A remote...

PHP Scripts Mall Readymade Job Site Script Cross Site Request Forgery Vulnerability

PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site request forgery vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A...

PHP Scripts Mall Readymade Video Sharing Script Cross-Site Request Forgery Vulnerability

PHP Scripts Mall Readymade Video Sharing Script is a set of PHP based online video sharing website scripts by PHP Scripts Mall India. A cross-site request forgery vulnerability exists in PHP Scripts Mall Readymade Video Sharing Script. A remote attacker can use the user-profile-edit.php file to...

PHP Scripts Mall Readymade Video Sharing Script SQL Injection Vulnerability

PHP Scripts Mall Readymade Video Sharing Script is a set of PHP based online video sharing website scripts by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Readymade Video Sharing Script version 3.2. The vulnerability can be exploited by a remote attacker to...

PHP Scripts Mall Lawyer Search Script SQL Injection Vulnerability

PHP Scripts Mall Lawyer Search Script is a set of PHP based law firm management scripts by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Lawyer Search Script version 1.1. A remote attacker can exploit this vulnerability by sending the 'city' parameter to...

PHP Scripts Mall MLM Forced Matrix SQL Injection Vulnerability

PHP Scripts Mall MLM Forced Matrix is a set of PHP based online marketing website scripts by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall MLM Forced Matrix version 2.0.9. A remote attacker can exploit the vulnerability by sending the 'newid' parameter to the...

PHP Scripts Mall Basic B2B Script SQL Injection Vulnerability

PHP Scripts Mall Basic B2B Script is a set of PHP-based B2B2 business-to-business transactional website scripts from PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Basic B2B Script version 2.0.8. A remote attacker can exploit the vulnerability by sending the 'id'...

PHP Scripts Mall Responsive Events And Movie Ticket Booking Script SQL Injection Vulnerability

PHP Scripts Mall Responsive Events And Movie Ticket Booking Script is a PHP based online movie ticket booking script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Responsive Events And Movie Ticket Booking Script version 3.2.1. The vulnerability can be...

PHP Scripts Mall Opensource Classified Ads Script SQL Injection Vulnerability

PHP Scripts Mall Opensource Classified Ads Script is a set of PHP based classifieds posting website scripts by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Opensource Classified Ads Script version 3.2. A remote attacker can exploit this vulnerability by sending...