582 matches found
Directory traversal
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory...
Cross site scripting
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting XSS via the FIRST NAME or LAST NAME field...
Cross site request forgery (csrf)
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery CSRF via accountedit.php...
Path traversal
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file...
PHP Scripts Mall Advance B2B Script Cross-Site Request Forgery Vulnerability
PHP Scripts Mall Advance B2B Script is a set of PHP-based scripts for B2B business-to-business trading websites. PHP Scripts Mall Advance B2B Script 2.1.4 suffers from a cross-site request forgery vulnerability that can be exploited via the Edit Profile feature...
PHP Scripts Mall Advance B2B Script Directory Traversal Vulnerability
PHP Scripts Mall Advance B2B Script is a set of PHP-based scripts for B2B business-to-business trading websites. PHP Scripts Mall Advance B2B Script 2.1.4 suffers from a directory traversal vulnerability, which can be exploited to achieve directory traversal by directly requesting an image...
CVE-2019-7437
CVE-2019-7437 affects PHP Scripts Mall Opensource Classified Ads Script 3.2.2 and is a reflected Cross-Site Scripting (XSS) vulnerability triggered via the Search field. The connected sources consistently describe the issue as a reflected XSS flaw in the search input, with no additional details o...
CVE-2019-7437
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting XSS via the Search field...
CVE-2019-7436
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory...
CVE-2019-7434
This CVE affects PHP Scripts Mall Rental Bike Script 2.0.3, where a directory traversal flaw allows listing of an uploads directory via a direct request. The root cause is improper validation of file paths, enabling access to sensitive upload contents. The connected documents confirm the same iss...
CVE-2019-7433
PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery CSRF via the Edit Profile feature...
CVE-2019-7433
CVE-2019-7433 affects PHP Scripts Mall Rental Bike Script 2.0.3 and is described as a Cross-Site Request Forgery (CSRF) via the Edit Profile feature. The NVD entry lists impact metrics (CVSS v3 base score 8.8, HIGH) with network attack vector, low attack complexity, no privileges required, and us...
CVE-2019-7432
PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section...
CVE-2019-7431
PHP Scripts Mall Image Sharing Script 1.3.4 has directory traversal via a direct request for a listing of an uploads directory...
CVE-2019-7431
CVE-2019-7431 affects PHP Scripts Mall Image Sharing Script 1.3.4. The vulnerability is a directory traversal vulnerability exploitable by a direct request to list the uploads directory, enabling access to directory contents. Public sources in the provided set corroborate a path traversal issue b...
CVE-2019-7430
PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar...
CVE-2019-7429
PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory...
CVE-2018-20648
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery CSRF via accountedit.php...
CVE-2018-20647
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory...
CVE-2018-20647
The CVE-2018-20647 entry concerns PHP Scripts Mall Car Rental Script 2.0.8, where a directory-traversal vulnerability exists in the handling of image directories (e.g., images/). The connected records confirm the affected product and the vulnerable component/behavior, but do not provide exploitat...