Lucene search
+L

28 matches found

CVE
CVE
added 2017/12/13 9:0 a.m.60 views

CVE-2017-17568

CVE-2017-17568 affects Scubez Posty Readymade Classifieds, with an incorrect access control flaw on the admin/user_activate_submit.php backend script. The underlying issue allows remote attackers to obtain sensitive information via a direct request. Documents indicate potential information disclo...

7.5CVSS7.3AI score0.01384EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2017/12/13 9:0 a.m.56 views

CVE-2017-17567

CVE-2017-17567 affects Scubez Posty Readymade Classifieds. A SQL injection exists in admin/user_activate_submit.php where the ID parameter is unsafely handled, enabling remote SQL command injection with no authentication and no user interaction. Documented impact includes HIGH confidentiality ris...

7.5CVSS8AI score0.01145EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/12/11 5:29 p.m.3 views

CVE-2017-17111

Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request...

9.8CVSS5.8AI score0.088EPSS
Exploits2References2
NVD
NVD
added 2017/12/11 5:29 p.m.18 views

CVE-2017-17111

Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request...

9.8CVSS9.7AI score0.088EPSS
Exploits2References2
CVE
CVE
added 2017/12/11 5:0 p.m.50 views

CVE-2017-17111

CVE-2017-17111 affects Posty Readymade Classifieds Script 1.0. Affected component: listings.php (catid parameter) and ads-details.php (ID parameter). Root cause: SQL injection due to insufficient input validation/sanitization in those endpoints, enabling an attacker to inject SQL commands via the...

9.8CVSS9.5AI score0.088EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2017/12/11 5:0 p.m.20 views

CVE-2017-17111

Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request...

9.7AI score0.088EPSS
Exploits2References2
0day.today
0day.today
added 2017/08/30 12:0 a.m.16 views

Posty 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================== Posty SQL injection Authentication bypass Description : an attacker is able to inject malicious sql query to bypass the login page and login as normal user Proof of Concept : -...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2017/08/28 12:0 a.m.26 views

Posty 1.0 SQL Injection

======================================================== Posty SQL injection Authentication bypass Description : an attacker is able to inject malicious sql query to bypass the login page and login as normal user Proof of Concept : - http://localhost/login.php set username and password = PCS00442...

Exploits0
Rows per page
Query Builder