Accounting for totalTicketsForReferrersPerDraw is not correct in referralRegisterTickets

Lines of code Vulnerability details Impact When referralRegisterTickets is called, accounting for totalTicketsForReferrersPerDraw is not correct. totalTicketsForReferrersPerDraw for currentDraw should be updated when unclaimed tickets for referrer meets the minimun eligible criterial in currentDr...

MaianAffiliate Code Injection Vulnerability Vulnerability

MaianAffiliate is a free, simple but powerful php referral system written in PHP. a security vulnerability exists in MaianAffiliate v.1.0, which stems from the existence of a PHP code injection issue. An authenticated attacker can exploit this vulnerability to obtain RCE through the MaianAffiliat...

Cashback on referral

Lines of code Vulnerability details Impact In the fee collect modules like FeeCollectModule there is no prevention of someone submitting a second profile they own as the referrerProfileId in processCollect to receive back part of the fees paid. The referral system is essentially broken as all...

Swoopo Gold Shop CMS 8.4.56 Cross Site Scripting / SQL Injection

Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============...

Swoopo Gold Shop CMS 8.4.56 - Multiple Web Vulnerabilities

Swoopo Gold Shop CMS 8.4.56 - Multiple Web Vulnerabilities Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System:...