13 matches found
CVE-2019-20337
Summary: CVE-2019-20337 affects PHP Scripts Mall advanced-real-estate-script 4.0.9. The vulnerability is in news_edit.php, where the news_id parameter is vulnerable to SQL Injection. The root cause is improper input validation/sanitization of externally provided SQL statements. Reported impact in...
CVE-2019-20336
CVE-2019-20336 affects PHP Scripts Mall advanced-real-estate-script 4.0.9. The vulnerability is a cross-site scripting (XSS) flaw in the search-results.php searchtext parameter, caused by inadequate validation of client-side data in the WEB application. Exploitation allows an attacker to execute ...
CVE-2018-15188
The vulnerability CVE-2018-15188 affects PHP Scripts Mall advanced-real-estate-script v4.0.9, where remote attackers can cause a denial of service (page structure loss) by submitting crafted JavaScript in the Name field of a profile. This is documented across CVE/NVD and CNVD entries; exploitatio...
CVE-2018-5072
CVE-2018-5072 describes a Cross-Site Scripting (XSS) vulnerability in Online Ticket Booking, exploitable via the admin/sitesettings.php keyword parameter. Multiple connected records confirm the issue and describe the impact as XSS, with CVSS scores from NVD indicating low–medium severity (base sc...
CVE-2018-5074
CVE-2018-5074 is described across sources as an XSS vulnerability in Online Ticket Booking, exploitable via the admin/manageownerlist.php contact parameter. Multiple documents (NVD, Red Hat, CVE lists) corroborate the description. The NVD entry lists two CVSS vectors: CVSSv2 base score 3.5 (LOW) ...
CVE-2017-17603
CVE-2017-17603 affects Advanced Real Estate Script 4.0.7 (PHP/MySQL). The vulnerability is an SQL Injection in search-results.php exploitable via parameters projectmain, proj_type, searchtext, sell_price, or maxprice. According to NVD, CVSSv2/3 indicate high to critical impact (Base Scores 7.5/9....
CVE-2018-5073
CVE-2018-5073 affects the Online Ticket Booking system, with a CSRF vulnerability in the admin/movieedit.php endpoint. The issue allows forged requests to be sent on behalf of an authenticated admin, potentially enabling unauthorized actions. The CVE entry lists CVSS metrics (2.0/3.0) indicating ...
CVE-2018-5075
CVE-2018-5075 specifies an XSS vulnerability in Online Ticket Booking, exploitable via the admin/snacks_edit.php snacks_name parameter. The available connected documents confirm the affected application path and vulnerability class (XSS) but do not provide exploit code, affected versions, remedia...
CVE-2018-15189
The CVE-2018-15189 issue affects PHP Scripts Mall advanced-real-estate-script, with a cross-site scripting (XSS) vulnerability exploitable via the Name field in a user profile. The root cause is insufficient input handling/sanitization of the Name field, enabling HTML injection. Public references...
CVE-2018-5077
CVE-2018-5077 is described across multiple sources as an XSS vulnerability in Online Ticket Booking, exploitable via the admin/movieedit.php moviename parameter. The NVD entry lists a network-accessible, low-medium severity issue with CVSS v3.0 base score 4.8 (I/L, C/L) and a CVSS v2 base score 3...
CVE-2018-5078
The CVE-2018-5078 entry concerns a Cross-Site Scripting (XSS) vulnerability in the Online Ticket Booking system, exploitable via the admin/eventlist.php cast parameter. Connected sources consistently describe XSS as the flaw and point to the same parameter as the vector, but there are no accompan...
CVE-2018-5076
CVE-2018-5076 is a Cross-Site Scripting (XSS) vulnerability affecting the Online Ticket Booking component of the Advanced Real Estate Script family. Multiple sources (NVD, Red Hat advisory, CNVD) describe an XSS flaw that can be exploited via the admin/newsedit.php news title parameter, enabling ...
CVE-2018-15187
CVE-2018-15187 concerns PHP Scripts Mall’s advanced-real-estate-script v4.0.9, where a Cross-Site Request Forgery (CSRF) flaw in edit-profile.php enables unauthorized actions. The CVSS details indicate a high-severity impact (CVSS3 8.0, HIGH; vector: NETWORK, LOW attack complexity, PR: LOW, UI: R...