PHP Scripts Mall
Products
61- 10 CVEs
- 10 CVEs
- 10 CVEs
- 8 CVEs
- 8 CVEs
- 8 CVEs
- 7 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- View all 61 products →
Recent CVEs
145| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12055 | Cri | 0.67 | 9.8 | 0.03 | Jun 8, 2018 | Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. | ||
| CVE-2018-12052 | Cri | 0.67 | 9.8 | 0.05 | Jun 8, 2018 | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. | ||
| CVE-2018-7477 | Cri | 0.67 | 9.8 | 0.03 | Feb 28, 2018 | SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. | ||
| CVE-2017-17602 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | ||
| CVE-2017-17596 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | ||
| CVE-2018-12051 | Cri | 0.64 | 9.8 | 0.03 | Jun 8, 2018 | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type. | ||
| CVE-2018-6859 | Cri | 0.64 | 9.8 | 0.02 | Feb 23, 2018 | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. | ||
| CVE-2018-6928 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2018 | PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. | ||
| CVE-2018-6863 | Cri | 0.64 | 9.8 | 0.02 | Feb 12, 2018 | SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. | ||
| CVE-2017-17959 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | ||
| CVE-2017-17957 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | ||
| CVE-2017-17951 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | ||
| CVE-2017-17931 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | ||
| CVE-2017-17928 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | ||
| CVE-2017-17906 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | ||
| CVE-2019-9604 | Hig | 0.57 | 8.8 | 0.01 | Mar 29, 2019 | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. | ||
| CVE-2019-7433 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||
| CVE-2018-20648 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | ||
| CVE-2018-20644 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | ||
| CVE-2018-20641 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. |
- risk 0.67cvss 9.8epss 0.03
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
- risk 0.67cvss 9.8epss 0.05
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
- risk 0.67cvss 9.8epss 0.03
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
- risk 0.67cvss 9.8epss 0.03
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
- risk 0.64cvss 9.8epss 0.03
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.
- risk 0.64cvss 9.8epss 0.02
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.