7 matches found
CVE-2017-17924
The CVE-2017-17924 vulnerability affects PHP Scripts Mall Professional Service Script, enabling information disclosure: remote attackers can obtain sensitive full-path information via the id parameter in admin/review_userwise.php. Root cause is improper handling of the id parameter, leading to ex...
CVE-2017-17929
The CVE concerns PHP Scripts Mall Professional Service Script. Affected component: admin/bannerview.php with the view parameter vulnerable to XSS. This is described across multiple sources as a cross-site scripting vulnerability in the Professional Service Script, enabling script execution via th...
CVE-2017-17925
Summary: CVE-2017-17925 affects the PHP Scripts Mall Professional Service Script. The vulnerability is an XSS flaw in the admin/general_settingupd.php endpoint, specifically via the website_title parameter. This is documented across multiple sources (NVD and CNVD entries) as a cross-site scriptin...
CVE-2017-17928
The CVE-2017-17928 entry concerns PHP Scripts Mall Professional Service Script. It describes an SQL injection vulnerability in the admin/review.php endpoint triggered via the id parameter, allowing an attacker to manipulate queries. Connected CNVD/NVD records corroborate a SQL injection vulnerabi...
CVE-2017-17927
CVE-2017-17927 : The vulnerability is in PHP Scripts Mall Professional Service Script, where a remote attacker can obtain sensitive full-path information by sending a crafted PATH_INFO to the URL path service-list/category/. The root cause is improper handling of PATH_INFO in that script, leading...
CVE-2017-17926
CVE-2017-17926 concerns the PHP Scripts Mall Professional Service Script, where a predictable registration URL enables remote attackers to create accounts using invalid or spoofed email addresses. The description across multiple connected documents consistently identifies the vulnerability as a p...
CVE-2017-17930
The affected software is PHP Scripts Mall Professional Service Script. It contains a Cross-Site Request Forgery (CSRF) vulnerability exploitable via admin/general_settingupd.php, demonstrated by changing a setting in the user panel. The root cause and specific impact details are described across ...