MidnightBSD

Advisories for paid_to_read_script_project

CVE-2017-17651 HIGH

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
paid_to_read_script_project paid_to_read_script 2.0.5
CVE-2017-17776 MEDIUM

Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
paid_to_read_script_project paid_to_read_script 2.0.5
CVE-2017-17777 HIGH

Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
paid_to_read_script_project paid_to_read_script 2.0.5
CVE-2017-17778 LOW

Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
paid_to_read_script_project paid_to_read_script 2.0.5
CVE-2017-17779 HIGH

Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
paid_to_read_script_project paid_to_read_script 2.0.5