CVE-2017-15992

CVE-2017-15992 affects the Website Broker Script, where a SQL injection is possible through the GET parameter status_id in the file status_list.php . The vulnerability arises from unsafely handling the input, enabling an attacker to inject SQL commands. Public references describe a boolean-based ...

CVE-2018-6900

The CVE-2018-6900 entry concerns PHP Scripts Mall Website Broker Script 3.0.6, with a reflected/stored XSS via the Last Name field on the My Profile page. The publicly documented content across sources confirms the vulnerable component (the broker script), the input vector (Last Name on My Profil...