Vendor CVEs
Softbizscripts
All CVEs
39 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15960 | | Cri | 0.67 | 9.8 | 0.02 | | Oct 29, 2017 | Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. |
| CVE-2018-25182 | | Hig | 0.53 | 8.2 | 0.00 | | Mar 6, 2026 | Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the… |
| CVE-2010-4905 | | | 0.03 | — | 0.01 | | Oct 8, 2011 | SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter. |
| CVE-2009-5003 | | | 0.03 | — | 0.01 | | Sep 22, 2010 | SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. |
| CVE-2010-0758 | | | 0.03 | — | 0.01 | | Feb 27, 2010 | SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-2790 | | | 0.03 | — | 0.01 | | Aug 17, 2009 | SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4. |
| CVE-2009-2236 | | | 0.03 | — | 0.01 | | Jun 27, 2009 | SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2009-2235 | | | 0.03 | — | 0.01 | | Jun 27, 2009 | SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6325 | | | 0.03 | — | 0.01 | | Feb 27, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php,… |
| CVE-2008-6306 | | | 0.03 | — | 0.01 | | Feb 26, 2009 | Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
| CVE-2008-5838 | | | 0.03 | — | 0.01 | | Jan 5, 2009 | SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-4458 | | | 0.03 | — | 0.01 | | Oct 7, 2008 | SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action. |
| CVE-2008-3511 | | | 0.03 | — | 0.02 | | Aug 7, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2)… |
| CVE-2008-2874 | | | 0.03 | — | 0.01 | | Jun 26, 2008 | SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050. |
| CVE-2008-2087 | | | 0.03 | — | 0.01 | | May 6, 2008 | SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. |
| CVE-2008-1050 | | | 0.03 | — | 0.01 | | Feb 27, 2008 | SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. |
| CVE-2007-6124 | | | 0.03 | — | 0.02 | | Nov 26, 2007 | Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. |
| CVE-2007-6125 | | | 0.03 | — | 0.01 | | Nov 26, 2007 | SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. |
| CVE-2007-5998 | | | 0.03 | — | 0.01 | | Nov 15, 2007 | SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter. |
| CVE-2007-5999 | | | 0.03 | — | 0.01 | | Nov 15, 2007 | SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-5997 | | | 0.03 | — | 0.01 | | Nov 15, 2007 | SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-5996 | | | 0.03 | — | 0.01 | | Nov 15, 2007 | SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449. |
| CVE-2007-5449 | | | 0.03 | — | 0.01 | | Oct 14, 2007 | SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. |
| CVE-2007-5316 | | | 0.03 | — | 0.01 | | Oct 9, 2007 | SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2007-5122 | | | 0.03 | — | 0.01 | | Sep 27, 2007 | SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-3607 | | | 0.03 | — | 0.02 | | Jul 18, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b)… |
| CVE-2006-3271 | | | 0.03 | — | 0.01 | | Jun 28, 2006 | Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d)… |
| CVE-2006-1659 | | | 0.03 | — | 0.02 | | Apr 7, 2006 | Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in… |
| CVE-2005-3938 | | | 0.03 | — | 0.04 | | Dec 1, 2005 | SQL injection vulnerability in Softbiz FAQ Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php. |
| CVE-2005-3937 | | | 0.03 | — | 0.01 | | Dec 1, 2005 | SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php. |
| CVE-2005-3879 | | | 0.03 | — | 0.04 | | Nov 29, 2005 | Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id… |
| CVE-2005-3817 | | | 0.03 | — | 0.04 | | Nov 26, 2005 | Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4)… |
| CVE-2018-19457 | | | 0.01 | — | 0.04 | | Nov 22, 2018 | Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file. |
| CVE-2023-3535 | | | 0.00 | — | 0.00 | | Jul 7, 2023 | A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The… |
| CVE-2017-20136 | | | 0.00 | — | 0.01 | | Jul 16, 2022 | A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to… |
| CVE-2017-20135 | | | 0.00 | — | 0.01 | | Jul 16, 2022 | A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The… |
| CVE-2017-20134 | | | 0.00 | — | 0.01 | | Jul 16, 2022 | A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The… |
| CVE-2009-2232 | | | 0.00 | — | 0.01 | | Jun 26, 2009 | SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-1660 | | | 0.00 | — | 0.01 | | Apr 7, 2006 | Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |