MidnightBSD

Advisories for advanced_real_estate_script_project

CVE-2017-17603 HIGH

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script 4.0.7

CVE-2018-15187 MEDIUM

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script 4.0.9

CVE-2018-15188 MEDIUM

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script 4.0.9

CVE-2018-15189 LOW

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script 4.0.9

CVE-2018-5072 LOW

Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script -

CVE-2018-5073 MEDIUM

Online Ticket Booking has CSRF via admin/movieedit.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script -

CVE-2018-5074 LOW

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script -

CVE-2018-5075 LOW

Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script -

CVE-2018-5076 LOW

Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script -

CVE-2018-5077 LOW

Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script -

CVE-2018-5078 LOW

Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script -

CVE-2019-20336 MEDIUM

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script 4.0.9

CVE-2019-20337 MEDIUM

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89

Products Affected

Vendor Product Version
advanced_real_estate_script_project advanced_real_estate_script 4.0.9