MidnightBSD

Advisories for readymade_video_sharing_script_project

CVE-2017-17627 HIGH

Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
readymade_video_sharing_script_project readymade_video_sharing_script 3.2
CVE-2017-17649 MEDIUM

Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
readymade_video_sharing_script_project readymade_video_sharing_script 3.2
CVE-2017-17891 MEDIUM

Readymade Video Sharing Script has CSRF via user-profile-edit.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
readymade_video_sharing_script_project readymade_video_sharing_script 3.2
CVE-2017-17892 HIGH

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
readymade_video_sharing_script_project readymade_video_sharing_script 3.2
CVE-2017-17893 MEDIUM

Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
readymade_video_sharing_script_project readymade_video_sharing_script 3.2