Posty Readymade Classifieds
by Scubez
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17111 | Cri | 0.67 | 9.8 | 0.09 | Dec 11, 2017 | Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | ||
| CVE-2017-17568 | Hig | 0.49 | 7.5 | 0.01 | Dec 13, 2017 | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | ||
| CVE-2017-17567 | Hig | 0.49 | 7.5 | 0.01 | Dec 13, 2017 | Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | ||
| CVE-2017-17569 | Med | 0.40 | 6.1 | 0.01 | Dec 13, 2017 | Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. |
- risk 0.67cvss 9.8epss 0.09
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
- risk 0.49cvss 7.5epss 0.01
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.
- risk 0.49cvss 7.5epss 0.01
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
- risk 0.40cvss 6.1epss 0.01
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.