Marketplace Digital Products PHP

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-17873	Vanguard Marketplace Digital Products PHP	Cri	0.67	9.8	0.01	Dec 27, 2017	Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVE-2017-17874	Vanguard Marketplace Digital Products PHP	Hig	0.60	8.8	0.02	Dec 27, 2017	Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
CVE-2017-17937	Vanguard Marketplace Digital Products PHP	Med	0.40	6.1	0.00	Dec 28, 2017	Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.

CVE-2017-17873CriDec 27, 2017
Vanguard
Marketplace Digital Products PHP
risk 0.67cvss 9.8epss 0.01
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVE-2017-17874HigDec 27, 2017
Vanguard
Marketplace Digital Products PHP
risk 0.60cvss 8.8epss 0.02
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
CVE-2017-17937MedDec 28, 2017
Vanguard
Marketplace Digital Products PHP
risk 0.40cvss 6.1epss 0.00
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.