IscriptsEswap

9 matches found

CVE
added 2018/04/11 8:0 p.m., 54 views

CVE-2018-10050

CVE-2018-10050 affects iScripts eSwap v2.4, where the Admin Panel’s registration_settings.php hidden ddlFree parameter is vulnerable to SQL injection. The issue is described across multiple connected sources (NVD, Red Hat advisory, CNVD) as a SQL injection vulnerability in iScripts eSwap v2.4, wi...

CVSS 7.2 | AI score 7.4 | EPSS 0.01037

CVE
added 2018/04/11 8:0 p.m., 50 views

CVE-2018-10048

The CVE-2018-10048 entry concerns iScripts eSwap v2.4, where a Cross-Site Request Forgery (CSRF) vulnerability exists via the Admin Panel page registration_settings.php. The connected sources corroborate a CSRF issue affecting the Admin Panel functionality, identified across multiple feeds (NVD, ...

CVSS 8.8 | AI score 8.6 | EPSS 0.00512

CVE
added 2018/04/11 8:0 p.m., 49 views

CVE-2018-10049

CVE-2018-10049: iScripts eSwap v2.4 is vulnerable to a cross-site scripting (XSS) flaw in the Admin Panel, triggered via the registration_settings.php TXT Date parameter. The issue originates in the Admin Panel input handling and can lead to script execution in the context of an authenticated us...

CVSS 4.8 | AI score 4.9 | EPSS 0.00548

CVE
added 2011/11/02 9:0 p.m., 48 views

CVE-2010-5036

CVE-2010-5036 affects iScripts eSwap 2.0, where addsale.php is vulnerable to SQL injection via the type parameter. The vulnerability allows remote attackers to potentially manipulate the database, with a CVSSv2 base score of 7.5 (HIGH) and network-based, low-complexity conditions, authenticated a...

CVSS 7.5 | AI score 8.7 | EPSS 0.01179

CVE
added 2018/05/22 5:0 p.m., 48 views

CVE-2018-11372

CVE-2018-11372 affects iScripts eSwap v2.4. The issue is an SQL injection in the Wishlistdetailed.php User Panel ToId parameter, caused by unsafe handling of the ToId input. The vulnerability can enable attackers to view, add, modify, or delete data in the backend database (as described across mu...

CVSS 9.8 | AI score 9.8 | EPSS 0.01202

CVE
added 2018/05/22 5:0 p.m., 47 views

CVE-2018-11373

The CVE-2018-11373 entry concerns iScripts eSwap v2.4, where a SQL injection exists in the salelistdetailed.php User Panel ToId parameter. The root cause appears to be improper handling of user-supplied ToId leading to database query manipulation. Multiple connected sources (CNVD-2018-15242, RH: ...

CVSS 9.8 | AI score 9.8 | EPSS 0.01202

CVE
added 2018/04/16 5:0 p.m., 44 views

CVE-2018-10135

iScripts eSwap v2.4 contains a Reflected Cross-Site Scripting (XSS) vulnerability in the User Panel, exploitable via the catid parameter of catwiseproducts.php. The root cause is the lack of input sanitization/reflection of user-controlled data in server responses, enabling injection of arbitrary...

CVSS 6.1 | AI score 5.9 | EPSS 0.00692

CVE
added 2018/05/25 2:0 p.m., 39 views

CVE-2018-11470

The CVE-2018-11470 entry applies to iScripts eSwap v2.4 and describes a SQL injection vulnerability in the User Panel caused by the search.php parameter named 'Told'. The vulnerability allows arbitrary SQL commands due to unsanitized input in the user-facing search feature and is reported with a...

CVSS 8.8 | AI score 9 | EPSS 0.01054

CVE
added 2011/11/02 9:0 p.m., 38 views

CVE-2010-5035

CVE-2010-5035 is an XSS vulnerability in iScripts eSwap 2.0, affecting the search.php script via the txtHomeSearch parameter. The underlying issue is a failure to properly sanitize input, enabling remote attackers to inject arbitrary script/HTML through the search field. The NVD entry lists a CVS...

CVSS 4.3 | AI score 5.9 | EPSS 0.01776