Itechscripts
Products
5- 6 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17576 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | ||
| CVE-2017-15963 | Cri | 0.67 | 9.8 | 0.02 | Oct 29, 2017 | iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | ||
| CVE-2014-100020 | 0.03 | — | 0.01 | Jan 13, 2015 | SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | |||
| CVE-2012-4281 | 0.03 | — | 0.02 | Aug 13, 2012 | Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid… | |||
| CVE-2012-4266 | 0.03 | — | 0.02 | Aug 13, 2012 | Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2012-4265 | 0.03 | — | 0.01 | Aug 13, 2012 | SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2012-2939 | 0.03 | — | 0.04 | May 27, 2012 | Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php. | |||
| CVE-2012-2938 | 0.03 | — | 0.02 | May 27, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php. | |||
| CVE-2009-3968 | 0.03 | — | 0.01 | Nov 18, 2009 | Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE:… | |||
| CVE-2008-3238 | 0.03 | — | 0.01 | Jul 21, 2008 | Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php. | |||
| CVE-2008-3237 | 0.03 | — | 0.02 | Jul 21, 2008 | Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter. | |||
| CVE-2008-0776 | 0.03 | — | 0.01 | Feb 14, 2008 | SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||
| CVE-2008-0684 | 0.03 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter. | |||
| CVE-2008-0685 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||
| CVE-2008-0692 | 0.03 | — | 0.01 | Feb 12, 2008 | SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||
| CVE-2008-4872 | 0.00 | — | 0.01 | Nov 1, 2008 | Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
- risk 0.67cvss 9.8epss 0.03
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
- risk 0.67cvss 9.8epss 0.02
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
- CVE-2014-100020Jan 13, 2015risk 0.03cvss —epss 0.01
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
- CVE-2012-4281Aug 13, 2012risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid…
- CVE-2012-4266Aug 13, 2012risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information.
- CVE-2012-4265Aug 13, 2012risk 0.03cvss —epss 0.01
SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2012-2939May 27, 2012risk 0.03cvss —epss 0.04
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
- CVE-2012-2938May 27, 2012risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
- CVE-2009-3968Nov 18, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE:…
- CVE-2008-3238Jul 21, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.
- CVE-2008-3237Jul 21, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.
- CVE-2008-0776Feb 14, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
- CVE-2008-0684Feb 12, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.
- CVE-2008-0685Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
- CVE-2008-0692Feb 12, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
- CVE-2008-4872Nov 1, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…