CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

582 matches found

CNVD•added 2018/07/12 12:0 a.m.•1 views

PHP Scripts Mall Auditor Website Cross-Site Scripting Vulnerability

PHP Scripts Mall Auditor Website is an accounting auditor website system script by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Auditor Website version 2.0.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with th...

6.1CVSS6AI score0.00234EPSS

Exploits4References1

NVD•added 2018/07/09 12:29 p.m.•9 views

CVE-2018-13256

PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter...

6.1CVSS6.1AI score0.00234EPSS

Exploits4References2

Cvelist•added 2018/07/09 12:0 p.m.•11 views

CVE-2018-13256

PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter...

6.1AI score0.00234EPSS

Exploits4References2

CVE•added 2018/07/09 12:0 p.m.•41 views

CVE-2018-13256

The CVE-2018-13256 issue affects the PHP Scripts Mall Auditor Website 2.0.1, where the firstname and lastname parameters are vulnerable to Cross‑Site Scripting (XSS). The connected sources describe both reflected and stored XSS vectors demonstrated in PoCs/exploits for version 2.0.1, confirming a...

6.1CVSS6AI score0.00234EPSS

Exploits4References2Affected Software1

CNVD•added 2018/06/11 12:0 a.m.•1 views

Schools Alert Management Script SQL Injection Vulnerability (CNVD-2018-11371)

PHP Scripts Mall Schools Alert Management Script is a school management system script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Schools Alert Management Script. A remote attacker can exploit this vulnerability by executing arbitrary SQL commands with the...

9.8CVSS8.5AI score0.02537EPSS

Exploits5References1

NVD•added 2018/06/08 11:29 a.m.•8 views

CVE-2018-12055

Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contactus.php, faq.php, about.php, photogallery.php, privacy.php, and so on...

9.8CVSS9.7AI score0.02114EPSS

Exploits5References2

NVD•added 2018/06/08 11:29 a.m.•10 views

CVE-2018-12051

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type...

9.8CVSS9.8AI score0.02322EPSS

Exploits1References1

NVD•added 2018/06/08 11:29 a.m.•12 views

CVE-2018-12052

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in getsec.php...

9.8CVSS9.9AI score0.02537EPSS

Exploits5References2

Prion•added 2018/06/08 11:29 a.m.•10 views

Remote code execution

7.5CVSS9.7AI score0.02322EPSS

Exploits1References1

NVD•added 2018/06/08 11:29 a.m.•15 views

CVE-2018-12054

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...

7.5CVSS7.5AI score0.8551EPSS

Exploits4References2

Prion•added 2018/06/08 11:29 a.m.•14 views

Directory traversal

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in deleteimg.php by using directory traversal...

6.4CVSS7.6AI score0.43844EPSS

Exploits5References2

Prion•added 2018/06/08 11:29 a.m.•12 views

Path traversal

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...

5CVSS7.5AI score0.8551EPSS

Exploits4References2

NVD•added 2018/06/08 11:29 a.m.•8 views

CVE-2018-12053

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in deleteimg.php by using directory traversal...

7.5CVSS7.6AI score0.43844EPSS

Exploits5References2

Prion•added 2018/06/08 11:29 a.m.•12 views

Sql injection

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in getsec.php...

7.5CVSS9.9AI score0.02537EPSS

Exploits5References2

CVE•added 2018/06/08 11:0 a.m.•37 views

CVE-2018-12051

CVE-2018-12051 affects the PHP Scripts Mall Schools Alert Management Script. The vulnerability allows an attacker to upload arbitrary files and execute code remotely via the $_FILE handling in /webmasterst/general.php, demonstrated by a crafted .php file with an image/jpeg content type. Documente...

9.8CVSS9.6AI score0.02322EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/06/08 11:0 a.m.•10 views

CVE-2018-12053

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in deleteimg.php by using directory traversal...

7.5AI score0.43844EPSS

Exploits5References2

CVE•added 2018/06/08 11:0 a.m.•54 views

CVE-2018-12053

CVE-2018-12053 affects the PHP Scripts Mall Schools Alert Management Script. Affected component: delete_img.php; vuln via the img parameter allowing directory traversal, enabling arbitrary file deletion. Public PoCs/exploits demonstrate accessing /delete_img.php?img=./uploads/school_logos/1528_x1...

7.5CVSS7.5AI score0.43844EPSS

Exploits5References2Affected Software1

Cvelist•added 2018/06/08 11:0 a.m.•11 views

CVE-2018-12052

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in getsec.php...

10AI score0.02537EPSS

Exploits5References2

Cvelist•added 2018/06/08 11:0 a.m.•16 views

CVE-2018-12054

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...

7.5AI score0.8551EPSS

Exploits4References2

CVE•added 2018/06/08 11:0 a.m.•65 views

CVE-2018-12055

CVE-2018-12055 affects PHP Scripts Mall Schools Alert Management Script. The vulnerability is a SQL injection in multiple CGI endpoints (contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, etc.) triggered by crafted POST data, allowing an attacker to execute arbitrary SQL commands...

9.8CVSS9.7AI score0.02114EPSS

Exploits5References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by