| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. |
| PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. |
| PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field. |
| PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field. |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field. |
| PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. |
| PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field. |
| PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. |
| PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field. |
| PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file. |
| PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
| PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory. |
