MidnightBSD

Advisories for opensource_classified_ads_script_project

CVE-2017-17623 HIGH

Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
opensource_classified_ads_script_project opensource_classified_ads_script 3.2
CVE-2019-7435 MEDIUM

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
opensource_classified_ads_script_project opensource_classified_ads_script 3.2.2
CVE-2019-7436 MEDIUM

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
opensource_classified_ads_script_project opensource_classified_ads_script 3.2.2
CVE-2019-7437 MEDIUM

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
opensource_classified_ads_script_project opensource_classified_ads_script 3.2.2