MidnightBSD

Advisories for advance_b2b_script_project

CVE-2017-17602 HIGH

Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
advance_b2b_script_project advance_b2b_script 2.1.3
CVE-2018-20632 LOW

PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
advance_b2b_script_project advance_b2b_script 2.1.4
CVE-2018-20633 MEDIUM

PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
advance_b2b_script_project advance_b2b_script 2.1.4
CVE-2018-20634 MEDIUM

PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
advance_b2b_script_project advance_b2b_script 2.1.4
CVE-2018-20635 MEDIUM

PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
advance_b2b_script_project advance_b2b_script 2.1.4