Readymade Video Sharing Script 3.2 - 'search' SQL Injection

Exploit Title: Readymade Video Sharing Script - SQL Injection Error Based Google Dork: NA Date: 10.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3.2 Tested on: Windows...

CVE-2017-17891

Readymade Video Sharing Script has CSRF via user-profile-edit.php...

CVE-2017-17891

Readymade Video Sharing Script has CSRF via user-profile-edit.php...

CVE-2017-17893

The following CVE concerns the Readymade Video Sharing Script (PHP Scripts Mall). It has a stored/reflected Cross‑Site Scripting (XSS) vulnerability exploitable via user input parameters: search_video.php using the search parameter, viewsubs.php using the chnlid parameter, and user-profile-edit.p...

CVE-2017-17891

CVE-2017-17891 affects Readymade Video Sharing Script. The vulnerability is a cross-site request forgery (CSRF) in the user-profile-edit.php endpoint. According to CNVD-2018-01938 and corroborating sources, a remote attacker can lure a logged‑in user to trigger changes to sensitive settings via t...

CVE-2017-17892

The CVE-2017-17892 entry refers to Readymade Video Sharing Script with an SQL Injection vulnerability exposed through viewsubs.php?chnlid and search_video.php?search. Multiple connected sources confirm this vulnerability exists in the Readymade Video Sharing Script and detail the injection vector...

CVE-2017-17649

Readymade Video Sharing Script 3.2 is affected by an HTML Injection vulnerability in the single-video-detail.php comment parameter. The root cause is unvalidated input reflected into HTML, enabling injection of markup. Affected component: Readymade Video Sharing Script 3.2 (PHP Scripts Mall). Rep...

Readymade Video Sharing Script 3.2 - HTML Injection

Readymade Video Sharing Script 3.2 - HTML Injection Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Demo:...

CVE-2017-17627

The CVE-2017-17627 vulnerability affects Readymade Video Sharing Script 3.2, where SQL injection is possible in the single-video-detail.php endpoint via the report_videos array parameter. Multiple connected sources confirm a remote SQL injection vulnerability (CNVD-2017-37425, NVD entry) with rem...

Readymade Video Sharing Script 3.2 SQL Injection

Exploit Title: Readymade Video Sharing Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...