28 matches found
CVE-2017-17568
CVE-2017-17568 affects Scubez Posty Readymade Classifieds, with an incorrect access control flaw on the admin/user_activate_submit.php backend script. The underlying issue allows remote attackers to obtain sensitive information via a direct request. Documents indicate potential information disclo...
CVE-2017-17567
CVE-2017-17567 affects Scubez Posty Readymade Classifieds. A SQL injection exists in admin/user_activate_submit.php where the ID parameter is unsafely handled, enabling remote SQL command injection with no authentication and no user interaction. Documented impact includes HIGH confidentiality ris...
CVE-2017-17111
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request...
CVE-2017-17111
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request...
CVE-2017-17111
CVE-2017-17111 affects Posty Readymade Classifieds Script 1.0. Affected component: listings.php (catid parameter) and ads-details.php (ID parameter). Root cause: SQL injection due to insufficient input validation/sanitization in those endpoints, enabling an attacker to inject SQL commands via the...
CVE-2017-17111
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request...
Posty 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications ======================================================== Posty SQL injection Authentication bypass Description : an attacker is able to inject malicious sql query to bypass the login page and login as normal user Proof of Concept : -...
Posty 1.0 SQL Injection
======================================================== Posty SQL injection Authentication bypass Description : an attacker is able to inject malicious sql query to bypass the login page and login as normal user Proof of Concept : - http://localhost/login.php set username and password = PCS00442...