10 matches found
CVE-2017-17957
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.
CVE-2017-17960
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
CVE-2017-17952
PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.
CVE-2017-17958
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.
CVE-2017-17956
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.
CVE-2017-17953
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.
CVE-2017-17959
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
CVE-2017-17951
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.
CVE-2017-17954
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.
CVE-2017-17955
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.