MidnightBSD

Advisories for single_theater_booking_script_project

CVE-2017-17634 HIGH

Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
single_theater_booking_script_project single_theater_booking_script 3.2.1
CVE-2017-17938 LOW

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
single_theater_booking_script_project single_theater_booking_script 3.2.2
CVE-2017-17939 MEDIUM

PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
single_theater_booking_script_project single_theater_booking_script 3.2.2
CVE-2017-17940 LOW

PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
single_theater_booking_script_project single_theater_booking_script 3.2.2
CVE-2017-17941 MEDIUM

PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
single_theater_booking_script_project single_theater_booking_script 3.2.2