11 matches found
CVE-2017-17957
The CVE-2017-17957 vulnerability affects PHP Scripts Mall PHP Multivendor Ecommerce, where the my_wishlist.php fid parameter is susceptible to SQL injection. This issue enables an attacker to inject arbitrary SQL via the parameter, as reported in multiple feeds referencing a SQL injection flaw in...
CVE-2017-17960
The CVE-2017-17960 entry concerns PHP Scripts Mall PHP Multivendor Ecommerce and a CSRF vulnerability via admin/sellerupd.php. The connected records consistently identify a cross-site request forgery issue without detailing affected versions or root cause beyond the vulnerability type. Exploitati...
CVE-2017-17624
CVE-2017-17624 affects PHP Multivendor Ecommerce 1.0. The vulnerability is a SQL Injection in the application, exploitable through unsanitized input in the file single_detail.php (sid parameter) or category.php (searchcat or chid1 parameter). The issue is documented across multiple sources as a S...
CVE-2017-17952
The CVE-2017-17952 entry concerns PHP Scripts Mall PHP Multivendor Ecommerce, where a predicable registration URL enables remote attackers to complete registrations using invalid or spoofed email addresses. Connected sources (Red Hat, CNVD, CNVD CNVD-2018, PRION, CVE lists, etc.) corroborate the ...
CVE-2017-17958
CVE-2017-17958 concerns PHP Scripts Mall’s PHP Multivendor Ecommerce platform, with a reported Cross-Site Scripting (XSS) vulnerability exploitable via the my_wishlist.php parameter fid . The connected documents consistently identify XSS as the issue; no details on a specific exploit vector, affe...
CVE-2017-17951
The CVE-2017-17951 entry concerns PHP Scripts Mall PHP Multivendor Ecommerce, with a documented SQL Injection vulnerability in the shopping-cart.php cusid parameter. The issue is a SQL injection in the cart flow likely due to improper handling of the cusid input in SQL queries (root cause: unsafe...
CVE-2017-17954
The vulnerability concerns PHP Scripts Mall PHP Multivendor Ecommerce. A cross-site scripting (XSS) flaw exists in the seller-view.php usid parameter. The available documents identify the affected software and the vulnerable parameter but do not provide details on root-cause specifics beyond XSS,...
CVE-2017-17956
CVE-2017-17956 affects PHP Scripts Mall PHP Multivendor Ecommerce with an XSS vulnerability via the admin/sellerupd.php companyname parameter. Connected sources (NVD, Red Hat, CNVD, CNVD, CVE list, PRION, CVELIST) corroborate a cross-site scripting issue; CVSS data (2.0/3.0) indicate MEDIUM sever...
CVE-2017-17959
The CVE-2017-17959 vulnerability affects PHP Scripts Mall PHP Multivendor Ecommerce and is caused by a SQL Injection in the seller-view.php usid parameter. The issue has publicly reported impact metrics: CVSS v2 base score 7.5 (HIGH) with network attack vector, low complexity, and partial confide...
CVE-2017-17953
The CVE-2017-17953 entry applies to PHP Scripts Mall PHP Multivendor Ecommerce. A cross-site scripting (XSS) vulnerability exists in the category.phpchid1 parameter, enabling script injection. This is the underlying issue described across multiple sources (NVD/Red Hat/CNVD/etc.). The exact impact...
CVE-2017-17955
The CVE-2017-17955 entry concerns PHP Scripts Mall PHP Multivendor Ecommerce and is supported by multiple connected records showing an XSS vulnerability in the shopping-cart.php cusid parameter. The exploitable vector is a reflected/persistent cross-site scripting via that parameter, but explicit...