Lucene search
K
Advanced Real Estate Script ProjectAdvanced Real Estate Script

13 matches found

CVE
CVE
added 2020/01/05 9:6 p.m.80 views

CVE-2019-20337

Summary: CVE-2019-20337 affects PHP Scripts Mall advanced-real-estate-script 4.0.9. The vulnerability is in news_edit.php, where the news_id parameter is vulnerable to SQL Injection. The root cause is improper input validation/sanitization of externally provided SQL statements. Reported impact in...

7.2CVSS7.2AI score0.0104EPSS
CVE
CVE
added 2020/01/05 9:6 p.m.70 views

CVE-2019-20336

CVE-2019-20336 affects PHP Scripts Mall advanced-real-estate-script 4.0.9. The vulnerability is a cross-site scripting (XSS) flaw in the search-results.php searchtext parameter, caused by inadequate validation of client-side data in the WEB application. Exploitation allows an attacker to execute ...

6.1CVSS6.3AI score0.007EPSS
CVE
CVE
added 2018/08/10 3:0 p.m.55 views

CVE-2018-15188

The vulnerability CVE-2018-15188 affects PHP Scripts Mall advanced-real-estate-script v4.0.9, where remote attackers can cause a denial of service (page structure loss) by submitting crafted JavaScript in the Name field of a profile. This is documented across CVE/NVD and CNVD entries; exploitatio...

6.5CVSS6.5AI score0.00938EPSS
CVE
CVE
added 2018/01/03 8:0 p.m.53 views

CVE-2018-5072

CVE-2018-5072 describes a Cross-Site Scripting (XSS) vulnerability in Online Ticket Booking, exploitable via the admin/sitesettings.php keyword parameter. Multiple connected records confirm the issue and describe the impact as XSS, with CVSS scores from NVD indicating low–medium severity (base sc...

4.8CVSS4.9AI score0.00492EPSS
Web
CVE
CVE
added 2018/01/03 8:0 p.m.51 views

CVE-2018-5074

CVE-2018-5074 is described across sources as an XSS vulnerability in Online Ticket Booking, exploitable via the admin/manageownerlist.php contact parameter. Multiple documents (NVD, Red Hat, CVE lists) corroborate the description. The NVD entry lists two CVSS vectors: CVSSv2 base score 3.5 (LOW) ...

4.8CVSS4.9AI score0.00492EPSS
Web
CVE
CVE
added 2017/12/13 9:0 a.m.50 views

CVE-2017-17603

CVE-2017-17603 affects Advanced Real Estate Script 4.0.7 (PHP/MySQL). The vulnerability is an SQL Injection in search-results.php exploitable via parameters projectmain, proj_type, searchtext, sell_price, or maxprice. According to NVD, CVSSv2/3 indicate high to critical impact (Base Scores 7.5/9....

9.8CVSS9.9AI score0.0305EPSS
CVE
CVE
added 2018/01/03 8:0 p.m.48 views

CVE-2018-5073

CVE-2018-5073 affects the Online Ticket Booking system, with a CSRF vulnerability in the admin/movieedit.php endpoint. The issue allows forged requests to be sent on behalf of an authenticated admin, potentially enabling unauthorized actions. The CVE entry lists CVSS metrics (2.0/3.0) indicating ...

6.8CVSS6.7AI score0.00397EPSS
CVE
CVE
added 2018/01/03 8:0 p.m.47 views

CVE-2018-5075

CVE-2018-5075 specifies an XSS vulnerability in Online Ticket Booking, exploitable via the admin/snacks_edit.php snacks_name parameter. The available connected documents confirm the affected application path and vulnerability class (XSS) but do not provide exploit code, affected versions, remedia...

4.8CVSS4.9AI score0.00492EPSS
Web
CVE
CVE
added 2018/08/10 3:0 p.m.45 views

CVE-2018-15189

The CVE-2018-15189 issue affects PHP Scripts Mall advanced-real-estate-script, with a cross-site scripting (XSS) vulnerability exploitable via the Name field in a user profile. The root cause is insufficient input handling/sanitization of the Name field, enabling HTML injection. Public references...

5.4CVSS5.3AI score0.00545EPSS
CVE
CVE
added 2018/01/03 8:0 p.m.45 views

CVE-2018-5077

CVE-2018-5077 is described across multiple sources as an XSS vulnerability in Online Ticket Booking, exploitable via the admin/movieedit.php moviename parameter. The NVD entry lists a network-accessible, low-medium severity issue with CVSS v3.0 base score 4.8 (I/L, C/L) and a CVSS v2 base score 3...

4.8CVSS4.9AI score0.00492EPSS
Web
CVE
CVE
added 2018/01/03 8:0 p.m.45 views

CVE-2018-5078

The CVE-2018-5078 entry concerns a Cross-Site Scripting (XSS) vulnerability in the Online Ticket Booking system, exploitable via the admin/eventlist.php cast parameter. Connected sources consistently describe XSS as the flaw and point to the same parameter as the vector, but there are no accompan...

4.8CVSS4.9AI score0.00492EPSS
Web
CVE
CVE
added 2018/01/03 8:0 p.m.44 views

CVE-2018-5076

CVE-2018-5076 is a Cross-Site Scripting (XSS) vulnerability affecting the Online Ticket Booking component of the Advanced Real Estate Script family. Multiple sources (NVD, Red Hat advisory, CNVD) describe an XSS flaw that can be exploited via the admin/newsedit.php news title parameter, enabling ...

4.8CVSS4.9AI score0.00492EPSS
Web
CVE
CVE
added 2018/08/10 3:0 p.m.43 views

CVE-2018-15187

CVE-2018-15187 concerns PHP Scripts Mall’s advanced-real-estate-script v4.0.9, where a Cross-Site Request Forgery (CSRF) flaw in edit-profile.php enables unauthorized actions. The CVSS details indicate a high-severity impact (CVSS3 8.0, HIGH; vector: NETWORK, LOW attack complexity, PR: LOW, UI: R...

8CVSS7.9AI score0.00452EPSS