Vendor CVEs
PHP Scripts Mall
All CVEs
145 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12055 | Cri | 0.67 | 9.8 | 0.03 | Jun 8, 2018 | Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. | ||
| CVE-2018-12052 | Cri | 0.67 | 9.8 | 0.05 | Jun 8, 2018 | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. | ||
| CVE-2018-7477 | Cri | 0.67 | 9.8 | 0.03 | Feb 28, 2018 | SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php. | ||
| CVE-2017-17602 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | ||
| CVE-2017-17596 | Cri | 0.67 | 9.8 | 0.03 | Dec 13, 2017 | Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | ||
| CVE-2018-12051 | Cri | 0.64 | 9.8 | 0.03 | Jun 8, 2018 | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type. | ||
| CVE-2018-6859 | Cri | 0.64 | 9.8 | 0.02 | Feb 23, 2018 | SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. | ||
| CVE-2018-6928 | Cri | 0.64 | 9.8 | 0.02 | Feb 13, 2018 | PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. | ||
| CVE-2018-6863 | Cri | 0.64 | 9.8 | 0.02 | Feb 12, 2018 | SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. | ||
| CVE-2017-17959 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | ||
| CVE-2017-17957 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | ||
| CVE-2017-17951 | Cri | 0.64 | 9.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | ||
| CVE-2017-17931 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | ||
| CVE-2017-17928 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | ||
| CVE-2017-17906 | Cri | 0.64 | 9.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | ||
| CVE-2019-9604 | Hig | 0.57 | 8.8 | 0.01 | Mar 29, 2019 | PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions. | ||
| CVE-2019-7433 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||
| CVE-2018-20648 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | ||
| CVE-2018-20644 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | ||
| CVE-2018-20641 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||
| CVE-2018-20633 | Hig | 0.57 | 8.8 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||
| CVE-2018-15186 | Hig | 0.57 | 8.8 | 0.01 | Aug 10, 2018 | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | ||
| CVE-2018-11514 | Hig | 0.57 | 8.8 | 0.01 | May 28, 2018 | PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | ||
| CVE-2018-11501 | Hig | 0.57 | 8.8 | 0.01 | May 26, 2018 | PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | ||
| CVE-2018-6934 | Hig | 0.57 | 8.8 | 0.00 | Apr 12, 2018 | CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3. | ||
| CVE-2018-6903 | Hig | 0.57 | 8.8 | 0.01 | Apr 12, 2018 | PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | ||
| CVE-2018-6879 | Hig | 0.57 | 8.8 | 0.01 | Apr 12, 2018 | PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | ||
| CVE-2018-6860 | Hig | 0.57 | 8.8 | 0.03 | Feb 12, 2018 | Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture. | ||
| CVE-2017-17983 | Hig | 0.57 | 8.8 | 0.01 | Dec 30, 2017 | PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | ||
| CVE-2017-17960 | Hig | 0.57 | 8.8 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | ||
| CVE-2017-17939 | Hig | 0.57 | 8.8 | 0.00 | Dec 28, 2017 | PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | ||
| CVE-2017-17930 | Hig | 0.57 | 8.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | ||
| CVE-2017-17908 | Hig | 0.57 | 8.8 | 0.00 | Dec 27, 2017 | PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | ||
| CVE-2017-17905 | Hig | 0.57 | 8.8 | 0.01 | Dec 27, 2017 | PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | ||
| CVE-2017-17952 | Hig | 0.56 | 8.6 | 0.01 | Dec 28, 2017 | PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | ||
| CVE-2018-12054 | Hig | 0.55 | 7.5 | 0.39 | Jun 8, 2018 | Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. | ||
| CVE-2018-12053 | Hig | 0.53 | 7.5 | 0.11 | Jun 8, 2018 | Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. | ||
| CVE-2019-9062 | Hig | 0.52 | 8.0 | 0.01 | Feb 23, 2019 | PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php. | ||
| CVE-2018-15187 | Hig | 0.52 | 8.0 | 0.00 | Aug 10, 2018 | PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. | ||
| CVE-2018-20628 | Hig | 0.49 | 7.5 | 0.02 | Mar 21, 2019 | PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. | ||
| CVE-2019-6126 | Hig | 0.49 | 7.5 | 0.01 | Jan 11, 2019 | The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff. | ||
| CVE-2018-16454 | Hig | 0.49 | 7.5 | 0.01 | Sep 7, 2018 | PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma. | ||
| CVE-2019-20337 | Hig | 0.47 | 7.2 | 0.01 | Jan 5, 2020 | In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. | ||
| CVE-2017-17987 | Hig | 0.47 | 7.2 | 0.01 | Dec 30, 2017 | PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | ||
| CVE-2017-17941 | Hig | 0.47 | 7.2 | 0.01 | Dec 28, 2017 | PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | ||
| CVE-2017-17982 | Med | 0.44 | 6.8 | 0.00 | Dec 30, 2017 | PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | ||
| CVE-2018-9857 | Med | 0.43 | 6.1 | 0.02 | Apr 9, 2018 | PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). | ||
| CVE-2018-6845 | Med | 0.43 | 6.1 | 0.03 | Feb 12, 2018 | PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field. | ||
| CVE-2019-9864 | Med | 0.42 | 6.5 | 0.01 | Mar 28, 2019 | PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount. | ||
| CVE-2019-7436 | Med | 0.42 | 6.5 | 0.01 | Mar 21, 2019 | PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory. |
- risk 0.67cvss 9.8epss 0.03
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.
- risk 0.67cvss 9.8epss 0.05
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.
- risk 0.67cvss 9.8epss 0.03
SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 via the Username and Password fields to parents/Parent_module/parent_login.php.
- risk 0.67cvss 9.8epss 0.03
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
- risk 0.67cvss 9.8epss 0.03
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
- risk 0.64cvss 9.8epss 0.03
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.
- risk 0.64cvss 9.8epss 0.02
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
- risk 0.64cvss 9.8epss 0.02
SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.
- risk 0.64cvss 9.8epss 0.01
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile actions.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS.
- risk 0.57cvss 8.8epss 0.00
CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code.
- risk 0.57cvss 8.8epss 0.03
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
- risk 0.57cvss 8.8epss 0.00
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.
- risk 0.57cvss 8.8epss 0.00
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.
- risk 0.57cvss 8.8epss 0.01
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
- risk 0.56cvss 8.6epss 0.01
PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.
- risk 0.55cvss 7.5epss 0.39
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
- risk 0.53cvss 7.5epss 0.11
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
- risk 0.52cvss 8.0epss 0.01
PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php.
- risk 0.52cvss 8.0epss 0.00
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.
- risk 0.49cvss 7.5epss 0.02
PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
- risk 0.49cvss 7.5epss 0.01
The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff.
- risk 0.49cvss 7.5epss 0.01
PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma.
- risk 0.47cvss 7.2epss 0.01
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.
- risk 0.47cvss 7.2epss 0.01
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
- risk 0.47cvss 7.2epss 0.01
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
- risk 0.44cvss 6.8epss 0.00
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.
- risk 0.43cvss 6.1epss 0.02
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
- risk 0.43cvss 6.1epss 0.03
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount.
- risk 0.42cvss 6.5epss 0.01
PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.
Page 1 of 3