Vendor CVEs

Softbizscripts

All CVEs

39 total · sorted by risk
  • CVE-2017-15960 · Cri · Oct 29, 2017
    risk 0.67 · cvss 9.8 · epss 0.02

    Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.

  • CVE-2018-25182 · Hig · Mar 6, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the…

  • CVE-2010-4905 · Oct 8, 2011
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter.

  • CVE-2009-5003 · Sep 22, 2010
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter.

  • CVE-2010-0758 · Feb 27, 2010
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-2790 · Aug 17, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.

  • CVE-2009-2236 · Jun 27, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2009-2235 · Jun 27, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-6325 · Feb 27, 2009
    risk 0.03 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php,…

  • CVE-2008-6306 · Feb 26, 2009
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…

  • CVE-2008-5838 · Jan 5, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2008-4458 · Oct 7, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.

  • CVE-2008-3511 · Aug 7, 2008
    risk 0.03 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2)…

  • CVE-2008-2874 · Jun 26, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.

  • CVE-2008-2087 · May 6, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.

  • CVE-2008-1050 · Feb 27, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

  • CVE-2007-6124 · Nov 26, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.

  • CVE-2007-6125 · Nov 26, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.

  • CVE-2007-5998 · Nov 15, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.

  • CVE-2007-5999 · Nov 15, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-5997 · Nov 15, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-5996 · Nov 15, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.

  • CVE-2007-5449 · Oct 14, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

  • CVE-2007-5316 · Oct 9, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

  • CVE-2007-5122 · Sep 27, 2007
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2006-3607 · Jul 18, 2006
    risk 0.03 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b)…

  • CVE-2006-3271 · Jun 28, 2006
    risk 0.03 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d)…

  • CVE-2006-1659 · Apr 7, 2006
    risk 0.03 · cvss · epss 0.02

    Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in…

  • CVE-2005-3938 · Dec 1, 2005
    risk 0.03 · cvss · epss 0.04

    SQL injection vulnerability in Softbiz FAQ Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.

  • CVE-2005-3937 · Dec 1, 2005
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

  • CVE-2005-3879 · Nov 29, 2005
    risk 0.03 · cvss · epss 0.04

    Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id…

  • CVE-2005-3817 · Nov 26, 2005
    risk 0.03 · cvss · epss 0.04

    Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4)…

  • CVE-2018-19457 · Nov 22, 2018
    risk 0.01 · cvss · epss 0.04

    Logicspice FAQ Script 2.9.7 allows uploading arbitrary files, which leads to remote command execution via admin/faqs/faqimages with a .php file.

  • CVE-2023-3535 · Jul 7, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The…

  • CVE-2017-20136 · Jul 16, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to…

  • CVE-2017-20135 · Jul 16, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The…

  • CVE-2017-20134 · Jul 16, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The…

  • CVE-2009-2232 · Jun 26, 2009
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2006-1660 · Apr 7, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.