EUVD-2018-2133

Malware in sbrugna...

CVE-2018-10050

iScripts eSwap v2.4 has SQL injection via the "registrationsettings.php" ddlFree parameter in the Admin Panel...

CVE-2018-10049

CVE-2018-10049 : iScripts eSwap v2.4 is vulnerable to a cross-site scripting (XSS) flaw in the Admin Panel, triggered via the registration_settings.php TXT Date parameter. The issue originates in the Admin Panel input handling and can lead to script execution in the context of an authenticated us...

CVE-2018-10050

CVE-2018-10050 affects iScripts eSwap v2.4, where the Admin Panel’s registration_settings.php hidden ddlFree parameter is vulnerable to SQL injection. The issue is described across multiple connected sources (NVD, Red Hat advisory, CNVD) as a SQL injection vulnerability in iScripts eSwap v2.4, wi...

CVE-2018-10049

iScripts eSwap v2.4 has XSS via the "registrationsettings.php" txtDate parameter in the Admin Panel...

CVE-2018-10048

The CVE-2018-10048 entry concerns iScripts eSwap v2.4, where a Cross-Site Request Forgery (CSRF) vulnerability exists via the Admin Panel page registration_settings.php. The connected sources corroborate a CSRF issue affecting the Admin Panel functionality, identified across multiple feeds (NVD, ...