Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | 4.0.7 |
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | 4.0.9 |
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | 4.0.9 |
PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | 4.0.9 |
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | - |
Online Ticket Booking has CSRF via admin/movieedit.php.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | - |
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | - |
Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | - |
Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | - |
Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | - |
Online Ticket Booking has XSS via the admin/eventlist.php cast parameter.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | - |
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | 4.0.9 |
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89
Products Affected
| Vendor | Product | Version |
|---|---|---|
| advanced_real_estate_script_project | advanced_real_estate_script | 4.0.9 |