Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| website_broker_script_project | website_broker_script | - |
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| website_broker_script_project | website_broker_script | 3.0.6 |