MidnightBSD

Advisories for php_multivendor_ecommerce_project

CVE-2017-17624 HIGH

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce 1.0
CVE-2017-17951 HIGH

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17952 MEDIUM

PHP Scripts Mall PHP Multivendor Ecommerce has a predictable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17953 MEDIUM

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17954 MEDIUM

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17955 MEDIUM

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17956 MEDIUM

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17957 HIGH

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17958 MEDIUM

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17959 HIGH

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -
CVE-2017-17960 MEDIUM

PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
php_multivendor_ecommerce_project php_multivendor_ecommerce -