VYPR
Vendor

Itechscripts

Products
5
CVEs
16
Across products
16
Status
Private

Products

5

Recent CVEs

16
  • CVE-2017-17576CriDec 13, 2017
    risk 0.67cvss 9.8epss 0.03

    FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.

  • CVE-2017-15963CriOct 29, 2017
    risk 0.67cvss 9.8epss 0.02

    iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.

  • CVE-2014-100020Jan 13, 2015
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.

  • CVE-2012-4281Aug 13, 2012
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid…

  • CVE-2012-4266Aug 13, 2012
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2012-4265Aug 13, 2012
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2012-2939May 27, 2012
    risk 0.03cvss epss 0.04

    Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.

  • CVE-2012-2938May 27, 2012
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.

  • CVE-2009-3968Nov 18, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE:…

  • CVE-2008-3238Jul 21, 2008
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.

  • CVE-2008-3237Jul 21, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.

  • CVE-2008-0776Feb 14, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

  • CVE-2008-0684Feb 12, 2008
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter.

  • CVE-2008-0685Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

  • CVE-2008-0692Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

  • CVE-2008-4872Nov 1, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…