Search criteria
30 vulnerabilities by Iscripts
CVE-2019-25481 (GCVE-0-2019-25481)
Vulnerability from cvelistv5 – Published: 2026-03-12 15:36 – Updated: 2026-03-14 03:40
VLAI
Title
iScripts ReserveLogic Lastest SQL Injection via search endpoint
Summary
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46640 | exploit |
| https://www.vulncheck.com/advisories/iscripts-res… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Iscripts | iScripts ReserveLogic |
Affected:
*
|
Date Public
2019-03-29 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25481",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-14T03:40:04.317704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-14T03:40:20.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iScripts ReserveLogic",
"vendor": "Iscripts",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmet \u00dcmit BAYRAM"
}
],
"datePublic": "2019-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitive database information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T15:36:39.860Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46640",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46640"
},
{
"name": "VulnCheck Advisory: iScripts ReserveLogic Lastest SQL Injection via search endpoint",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/iscripts-reservelogic-lastest-sql-injection-via-search-endpoint"
}
],
"title": "iScripts ReserveLogic Lastest SQL Injection via search endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25481",
"datePublished": "2026-03-12T15:36:39.860Z",
"dateReserved": "2026-02-23T12:15:05.149Z",
"dateUpdated": "2026-03-14T03:40:20.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-11470 (GCVE-0-2018-11470)
Vulnerability from cvelistv5 – Published: 2018-05-25 14:00 – Updated: 2024-09-17 00:21
VLAI
Summary
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/hi-KK/CVE-Hunter/blob/master/3.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts eSwap v2.4 has SQL injection via the \"search.php\" \u0027Told\u0027 parameter in the User Panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-25T14:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has SQL injection via the \"search.php\" \u0027Told\u0027 parameter in the User Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md",
"refsource": "MISC",
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11470",
"datePublished": "2018-05-25T14:00:00.000Z",
"dateReserved": "2018-05-25T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:12.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11372 (GCVE-0-2018-11372)
Vulnerability from cvelistv5 – Published: 2018-05-22 17:00 – Updated: 2024-09-16 19:10
VLAI
Summary
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/hi-KK/CVE-Hunter/blob/master/1.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:13.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/1.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/1.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hi-KK/CVE-Hunter/blob/master/1.md",
"refsource": "MISC",
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/1.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11372",
"datePublished": "2018-05-22T17:00:00.000Z",
"dateReserved": "2018-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:23.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11373 (GCVE-0-2018-11373)
Vulnerability from cvelistv5 – Published: 2018-05-22 17:00 – Updated: 2024-09-17 02:52
VLAI
Summary
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/hi-KK/CVE-Hunter/blob/master/2.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:13.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts eSwap v2.4 has SQL injection via the \"salelistdetailed.php\" User Panel ToId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/2.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has SQL injection via the \"salelistdetailed.php\" User Panel ToId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hi-KK/CVE-Hunter/blob/master/2.md",
"refsource": "MISC",
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/2.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11373",
"datePublished": "2018-05-22T17:00:00.000Z",
"dateReserved": "2018-05-22T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:52:52.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10137 (GCVE-0-2018-10137)
Vulnerability from cvelistv5 – Published: 2018-04-16 17:00 – Updated: 2024-09-16 22:21
VLAI
Summary
iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pastebin.com/TCEWRZEd | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/TCEWRZEd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts UberforX 2.2 has CSRF in the \"manage_settings\" section of the Admin Panel via the /cms?section=manage_settings\u0026action=edit URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/TCEWRZEd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts UberforX 2.2 has CSRF in the \"manage_settings\" section of the Admin Panel via the /cms?section=manage_settings\u0026action=edit URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/TCEWRZEd",
"refsource": "MISC",
"url": "https://pastebin.com/TCEWRZEd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10137",
"datePublished": "2018-04-16T17:00:00.000Z",
"dateReserved": "2018-04-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:21:05.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10135 (GCVE-0-2018-10135)
Vulnerability from cvelistv5 – Published: 2018-04-16 17:00 – Updated: 2024-09-17 03:38
VLAI
Summary
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pastebin.com/vVN00qRh | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/vVN00qRh"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts eSwap v2.4 has Reflected XSS via the \"catwiseproducts.php\" catid parameter in the User Panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/vVN00qRh"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has Reflected XSS via the \"catwiseproducts.php\" catid parameter in the User Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/vVN00qRh",
"refsource": "MISC",
"url": "https://pastebin.com/vVN00qRh"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10135",
"datePublished": "2018-04-16T17:00:00.000Z",
"dateReserved": "2018-04-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:38:53.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10136 (GCVE-0-2018-10136)
Vulnerability from cvelistv5 – Published: 2018-04-16 17:00 – Updated: 2024-09-16 17:22
VLAI
Summary
iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pastebin.com/TCEWRZEd | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/TCEWRZEd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts UberforX 2.2 has Stored XSS in the \"manage_settings\" section of the Admin Panel via a value field to the /cms?section=manage_settings\u0026action=edit URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-16T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/TCEWRZEd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts UberforX 2.2 has Stored XSS in the \"manage_settings\" section of the Admin Panel via a value field to the /cms?section=manage_settings\u0026action=edit URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/TCEWRZEd",
"refsource": "MISC",
"url": "https://pastebin.com/TCEWRZEd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10136",
"datePublished": "2018-04-16T17:00:00.000Z",
"dateReserved": "2018-04-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:22:40.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10051 (GCVE-0-2018-10051)
Vulnerability from cvelistv5 – Published: 2018-04-11 20:00 – Updated: 2024-09-16 19:52
VLAI
Summary
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pastebin.com/aQn3Cr2G | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/aQn3Cr2G"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-11T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/aQn3Cr2G"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/aQn3Cr2G",
"refsource": "MISC",
"url": "https://pastebin.com/aQn3Cr2G"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10051",
"datePublished": "2018-04-11T20:00:00.000Z",
"dateReserved": "2018-04-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:52:16.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10050 (GCVE-0-2018-10050)
Vulnerability from cvelistv5 – Published: 2018-04-11 20:00 – Updated: 2024-09-17 04:25
VLAI
Summary
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pastebin.com/UDEsFq3u | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/UDEsFq3u"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts eSwap v2.4 has SQL injection via the \"registration_settings.php\" ddlFree parameter in the Admin Panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-11T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/UDEsFq3u"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has SQL injection via the \"registration_settings.php\" ddlFree parameter in the Admin Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/UDEsFq3u",
"refsource": "MISC",
"url": "https://pastebin.com/UDEsFq3u"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10050",
"datePublished": "2018-04-11T20:00:00.000Z",
"dateReserved": "2018-04-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T04:25:41.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10049 (GCVE-0-2018-10049)
Vulnerability from cvelistv5 – Published: 2018-04-11 20:00 – Updated: 2024-09-16 16:24
VLAI
Summary
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pastebin.com/QbhRJp4q | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/QbhRJp4q"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts eSwap v2.4 has XSS via the \"registration_settings.php\" txtDate parameter in the Admin Panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-11T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/QbhRJp4q"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has XSS via the \"registration_settings.php\" txtDate parameter in the Admin Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/QbhRJp4q",
"refsource": "MISC",
"url": "https://pastebin.com/QbhRJp4q"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10049",
"datePublished": "2018-04-11T20:00:00.000Z",
"dateReserved": "2018-04-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:24:11.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10048 (GCVE-0-2018-10048)
Vulnerability from cvelistv5 – Published: 2018-04-11 20:00 – Updated: 2024-09-16 19:30
VLAI
Summary
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pastebin.com/RVdpLAT8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:00.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/RVdpLAT8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts eSwap v2.4 has CSRF via \"registration_settings.php\" in the Admin Panel."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-11T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/RVdpLAT8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has CSRF via \"registration_settings.php\" in the Admin Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/RVdpLAT8",
"refsource": "MISC",
"url": "https://pastebin.com/RVdpLAT8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10048",
"datePublished": "2018-04-11T20:00:00.000Z",
"dateReserved": "2018-04-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:30:28.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10052 (GCVE-0-2018-10052)
Vulnerability from cvelistv5 – Published: 2018-04-11 20:00 – Updated: 2024-09-16 20:57
VLAI
Summary
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://pastebin.com/aeqYLK9u | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/aeqYLK9u"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-11T20:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/aeqYLK9u"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/aeqYLK9u",
"refsource": "MISC",
"url": "https://pastebin.com/aeqYLK9u"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10052",
"datePublished": "2018-04-11T20:00:00.000Z",
"dateReserved": "2018-04-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:57:47.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9236 (GCVE-0-2018-9236)
Vulnerability from cvelistv5 – Published: 2018-04-04 07:00 – Updated: 2024-08-05 07:17
VLAI
Summary
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pastebin.com/Amw08sAj | x_refsource_MISC |
| https://www.exploit-db.com/exploits/44436/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-04-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/Amw08sAj"
},
{
"name": "44436",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44436/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the \"Site title\" field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/Amw08sAj"
},
{
"name": "44436",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44436/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the \"Site title\" field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/Amw08sAj",
"refsource": "MISC",
"url": "https://pastebin.com/Amw08sAj"
},
{
"name": "44436",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44436/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9236",
"datePublished": "2018-04-04T07:00:00.000Z",
"dateReserved": "2018-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9237 (GCVE-0-2018-9237)
Vulnerability from cvelistv5 – Published: 2018-04-04 07:00 – Updated: 2024-08-05 07:17
VLAI
Summary
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44436/ | exploitx_refsource_EXPLOIT-DB |
| https://pastebin.com/9C0QBs8u | x_refsource_MISC |
Date Public
2018-04-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44436",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44436/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/9C0QBs8u"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the \"Site Description\" field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-12T09:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44436",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44436/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/9C0QBs8u"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the \"Site Description\" field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44436",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44436/"
},
{
"name": "https://pastebin.com/9C0QBs8u",
"refsource": "MISC",
"url": "https://pastebin.com/9C0QBs8u"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9237",
"datePublished": "2018-04-04T07:00:00.000Z",
"dateReserved": "2018-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:52.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9235 (GCVE-0-2018-9235)
Vulnerability from cvelistv5 – Published: 2018-04-04 07:00 – Updated: 2024-08-05 07:17
VLAI
Summary
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pastebin.com/caQW37fY | x_refsource_MISC |
| https://www.exploit-db.com/exploits/44434/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-04-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:51.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/caQW37fY"
},
{
"name": "44434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44434/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-11T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/caQW37fY"
},
{
"name": "44434",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44434/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/caQW37fY",
"refsource": "MISC",
"url": "https://pastebin.com/caQW37fY"
},
{
"name": "44434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44434/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9235",
"datePublished": "2018-04-04T07:00:00.000Z",
"dateReserved": "2018-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:17:51.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7190 (GCVE-0-2013-7190)
Vulnerability from cvelistv5 – Published: 2013-12-20 23:00 – Updated: 2024-08-06 18:01
VLAI
Summary
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://seclists.org/fulldisclosure/2013/Dec/121 | mailing-listx_refsource_FULLDISC |
Date Public
2013-12-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "autohoster-mainsmtp-directory-traversal(89818)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89818"
},
{
"name": "20131215 iscripts autohoster , multiple vulns / php code injection exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/121"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "autohoster-mainsmtp-directory-traversal(89818)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89818"
},
{
"name": "20131215 iscripts autohoster , multiple vulns / php code injection exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/121"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "autohoster-mainsmtp-directory-traversal(89818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89818"
},
{
"name": "20131215 iscripts autohoster , multiple vulns / php code injection exploit",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/121"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7190",
"datePublished": "2013-12-20T23:00:00.000Z",
"dateReserved": "2013-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:19.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7189 (GCVE-0-2013-7189)
Vulnerability from cvelistv5 – Published: 2013-12-20 23:00 – Updated: 2024-08-06 18:01
VLAI
Summary
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/101049 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://seclists.org/fulldisclosure/2013/Dec/121 | mailing-listx_refsource_FULLDISC |
| http://osvdb.org/101050 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/101051 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/101053 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101049"
},
{
"name": "iscripts-autohoster-multiple-sql-injection(89816)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89816"
},
{
"name": "20131215 iscripts autohoster , multiple vulns / php code injection exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/121"
},
{
"name": "101050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101050"
},
{
"name": "101051",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101051"
},
{
"name": "101053",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101053"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "101049",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101049"
},
{
"name": "iscripts-autohoster-multiple-sql-injection(89816)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89816"
},
{
"name": "20131215 iscripts autohoster , multiple vulns / php code injection exploit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/121"
},
{
"name": "101050",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101050"
},
{
"name": "101051",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101051"
},
{
"name": "101053",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101053"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101049",
"refsource": "OSVDB",
"url": "http://osvdb.org/101049"
},
{
"name": "iscripts-autohoster-multiple-sql-injection(89816)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89816"
},
{
"name": "20131215 iscripts autohoster , multiple vulns / php code injection exploit",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/121"
},
{
"name": "101050",
"refsource": "OSVDB",
"url": "http://osvdb.org/101050"
},
{
"name": "101051",
"refsource": "OSVDB",
"url": "http://osvdb.org/101051"
},
{
"name": "101053",
"refsource": "OSVDB",
"url": "http://osvdb.org/101053"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7189",
"datePublished": "2013-12-20T23:00:00.000Z",
"dateReserved": "2013-12-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:19.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5034 (GCVE-0-2010-5034)
Vulnerability from cvelistv5 – Published: 2011-11-02 21:00 – Updated: 2024-08-07 04:09
VLAI
Summary
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/13741/ | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/1006-exploits/iscr… | x_refsource_MISC |
| http://securityreason.com/securityalert/8521 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/40088 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2010/1359 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-06-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "13741",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/13741/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1006-exploits/iscriptseasybiller-sql.txt"
},
{
"name": "8521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8521"
},
{
"name": "40088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40088"
},
{
"name": "ADV-2010-1359",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1359"
},
{
"name": "easybiller-planid-sql-injection(59150)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "13741",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/13741/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1006-exploits/iscriptseasybiller-sql.txt"
},
{
"name": "8521",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8521"
},
{
"name": "40088",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40088"
},
{
"name": "ADV-2010-1359",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1359"
},
{
"name": "easybiller-planid-sql-injection(59150)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59150"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13741",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13741/"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/iscriptseasybiller-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/iscriptseasybiller-sql.txt"
},
{
"name": "8521",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8521"
},
{
"name": "40088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40088"
},
{
"name": "ADV-2010-1359",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1359"
},
{
"name": "easybiller-planid-sql-injection(59150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59150"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5034",
"datePublished": "2011-11-02T21:00:00.000Z",
"dateReserved": "2011-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:09:38.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5036 (GCVE-0-2010-5036)
Vulnerability from cvelistv5 – Published: 2011-11-02 21:00 – Updated: 2024-08-07 04:09
VLAI
Summary
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.org/1006-exploits/iscr… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2010/1360 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/8522 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/40597 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/13740/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2010-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:39.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt"
},
{
"name": "ADV-2010-1360",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1360"
},
{
"name": "8522",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8522"
},
{
"name": "eswap-addsale-sql-injection(59147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59147"
},
{
"name": "40597",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40597"
},
{
"name": "13740",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/13740/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt"
},
{
"name": "ADV-2010-1360",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1360"
},
{
"name": "8522",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8522"
},
{
"name": "eswap-addsale-sql-injection(59147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59147"
},
{
"name": "40597",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40597"
},
{
"name": "13740",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/13740/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt"
},
{
"name": "ADV-2010-1360",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1360"
},
{
"name": "8522",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8522"
},
{
"name": "eswap-addsale-sql-injection(59147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59147"
},
{
"name": "40597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40597"
},
{
"name": "13740",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13740/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5036",
"datePublished": "2011-11-02T21:00:00.000Z",
"dateReserved": "2011-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:09:39.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5035 (GCVE-0-2010-5035)
Vulnerability from cvelistv5 – Published: 2011-11-02 21:00 – Updated: 2024-08-07 04:09
VLAI
Summary
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://packetstormsecurity.org/1006-exploits/iscr… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2010/1360 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/8522 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/40597 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/40087 | third-party-advisoryx_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/13740/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2010-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "eswap-search-xss(59148)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt"
},
{
"name": "ADV-2010-1360",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1360"
},
{
"name": "8522",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8522"
},
{
"name": "40597",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40597"
},
{
"name": "40087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40087"
},
{
"name": "13740",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/13740/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "eswap-search-xss(59148)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt"
},
{
"name": "ADV-2010-1360",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1360"
},
{
"name": "8522",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8522"
},
{
"name": "40597",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40597"
},
{
"name": "40087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40087"
},
{
"name": "13740",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/13740/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "eswap-search-xss(59148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59148"
},
{
"name": "http://packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1006-exploits/iscriptsewap-sqlxss.txt"
},
{
"name": "ADV-2010-1360",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1360"
},
{
"name": "8522",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8522"
},
{
"name": "40597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40597"
},
{
"name": "40087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40087"
},
{
"name": "13740",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/13740/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5035",
"datePublished": "2011-11-02T21:00:00.000Z",
"dateReserved": "2011-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:09:38.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4983 (GCVE-0-2010-4983)
Vulnerability from cvelistv5 – Published: 2011-11-01 22:00 – Updated: 2024-08-07 04:09
VLAI
Summary
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8486 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/512141/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.exploit-db.com/exploits/14164 | exploitx_refsource_EXPLOIT-DB |
| http://www.salvatorefresta.net/files/adv/iScripts… | x_refsource_MISC |
| http://www.securityfocus.com/bid/41300 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/40434 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/1007-exploits/cybe… | x_refsource_MISC |
Date Public
2010-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:09:38.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8486",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8486"
},
{
"name": "20100701 iScripts CyberMatch 1.0 Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512141/100/0/threaded"
},
{
"name": "14164",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14164"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt"
},
{
"name": "41300",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41300"
},
{
"name": "40434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40434"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1007-exploits/cybermatch-sql.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8486",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8486"
},
{
"name": "20100701 iScripts CyberMatch 1.0 Blind SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512141/100/0/threaded"
},
{
"name": "14164",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14164"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt"
},
{
"name": "41300",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41300"
},
{
"name": "40434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40434"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1007-exploits/cybermatch-sql.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8486",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8486"
},
{
"name": "20100701 iScripts CyberMatch 1.0 Blind SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512141/100/0/threaded"
},
{
"name": "14164",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14164"
},
{
"name": "http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt",
"refsource": "MISC",
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt"
},
{
"name": "41300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41300"
},
{
"name": "40434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40434"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/cybermatch-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/cybermatch-sql.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4983",
"datePublished": "2011-11-01T22:00:00.000Z",
"dateReserved": "2011-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:09:38.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4980 (GCVE-0-2010-4980)
Vulnerability from cvelistv5 – Published: 2011-11-01 22:00 – Updated: 2024-08-07 04:02
VLAI
Summary
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8487 | third-party-advisoryx_refsource_SREASON |
| http://www.salvatorefresta.net/files/adv/iScripts… | x_refsource_MISC |
| http://www.exploit-db.com/exploits/14163 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/archive/1/512137/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/40435 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/1007-exploits/rese… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:30.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8487",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8487"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt"
},
{
"name": "14163",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14163"
},
{
"name": "20100701 iScripts ReserveLogic 1.0 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512137/100/0/threaded"
},
{
"name": "40435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt"
},
{
"name": "reservelogic-pid-sql-injection(59985)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59985"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8487",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8487"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt"
},
{
"name": "14163",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14163"
},
{
"name": "20100701 iScripts ReserveLogic 1.0 SQL Injection Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512137/100/0/threaded"
},
{
"name": "40435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt"
},
{
"name": "reservelogic-pid-sql-injection(59985)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59985"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8487",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8487"
},
{
"name": "http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt",
"refsource": "MISC",
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt"
},
{
"name": "14163",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14163"
},
{
"name": "20100701 iScripts ReserveLogic 1.0 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512137/100/0/threaded"
},
{
"name": "40435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40435"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/reservelogic-sql.txt"
},
{
"name": "reservelogic-pid-sql-injection(59985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59985"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4980",
"datePublished": "2011-11-01T22:00:00.000Z",
"dateReserved": "2011-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:30.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2853 (GCVE-0-2010-2853)
Vulnerability from cvelistv5 – Published: 2010-07-23 20:00 – Updated: 2024-08-07 02:46
VLAI
Summary
SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/12451 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/39795 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.org/1004-exploits/iscr… | x_refsource_MISC |
| http://www.osvdb.org/65840 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/40416 | third-party-advisoryx_refsource_SECUNIA |
| http://www.iscripts.com/patches.php | x_refsource_MISC |
Date Public
2010-04-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "visualcaster-playvideo-sql-injection(58242)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58242"
},
{
"name": "12451",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/12451"
},
{
"name": "39795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39795"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1004-exploits/iscriptsvisualcaster-sql.txt"
},
{
"name": "65840",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/65840"
},
{
"name": "40416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40416"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iscripts.com/patches.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "visualcaster-playvideo-sql-injection(58242)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58242"
},
{
"name": "12451",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/12451"
},
{
"name": "39795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39795"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1004-exploits/iscriptsvisualcaster-sql.txt"
},
{
"name": "65840",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/65840"
},
{
"name": "40416",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40416"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iscripts.com/patches.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "visualcaster-playvideo-sql-injection(58242)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58242"
},
{
"name": "12451",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/12451"
},
{
"name": "39795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39795"
},
{
"name": "http://packetstormsecurity.org/1004-exploits/iscriptsvisualcaster-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1004-exploits/iscriptsvisualcaster-sql.txt"
},
{
"name": "65840",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/65840"
},
{
"name": "40416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40416"
},
{
"name": "http://www.iscripts.com/patches.php",
"refsource": "MISC",
"url": "http://www.iscripts.com/patches.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2853",
"datePublished": "2010-07-23T20:00:00.000Z",
"dateReserved": "2010-07-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2624 (GCVE-0-2010-2624)
Vulnerability from cvelistv5 – Published: 2010-07-02 20:00 – Updated: 2024-08-07 02:39
VLAI
Summary
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/40448 | third-party-advisoryx_refsource_SECUNIA |
| http://www.salvatorefresta.net/files/adv/iScripts… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/512140/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.exploit-db.com/exploits/14162 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/41298 | vdb-entryx_refsource_BID |
Date Public
2010-07-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20EasySnaps%202.0%20Multiple%20SQL%20Injection%20Vulnerabilities-01072010.txt"
},
{
"name": "easysnaps-multiple-sql-injection(59984)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59984"
},
{
"name": "20100701 REVISION: iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512140/100/0/threaded"
},
{
"name": "14162",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14162"
},
{
"name": "41298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41298"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20EasySnaps%202.0%20Multiple%20SQL%20Injection%20Vulnerabilities-01072010.txt"
},
{
"name": "easysnaps-multiple-sql-injection(59984)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59984"
},
{
"name": "20100701 REVISION: iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512140/100/0/threaded"
},
{
"name": "14162",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14162"
},
{
"name": "41298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41298"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40448"
},
{
"name": "http://www.salvatorefresta.net/files/adv/iScripts%20EasySnaps%202.0%20Multiple%20SQL%20Injection%20Vulnerabilities-01072010.txt",
"refsource": "MISC",
"url": "http://www.salvatorefresta.net/files/adv/iScripts%20EasySnaps%202.0%20Multiple%20SQL%20Injection%20Vulnerabilities-01072010.txt"
},
{
"name": "easysnaps-multiple-sql-injection(59984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59984"
},
{
"name": "20100701 REVISION: iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512140/100/0/threaded"
},
{
"name": "14162",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14162"
},
{
"name": "41298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41298"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2624",
"datePublished": "2010-07-02T20:00:00.000Z",
"dateReserved": "2010-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:39:37.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4169 (GCVE-0-2008-4169)
Vulnerability from cvelistv5 – Published: 2008-09-22 18:00 – Updated: 2024-08-07 10:08
VLAI
Summary
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/4286 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/31202 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/6467 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/31788 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-09-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4286",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4286"
},
{
"name": "31202",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31202"
},
{
"name": "easyindex-detaillist-sql-injection(45160)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45160"
},
{
"name": "6467",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6467"
},
{
"name": "31788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4286",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4286"
},
{
"name": "31202",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31202"
},
{
"name": "easyindex-detaillist-sql-injection(45160)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45160"
},
{
"name": "6467",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6467"
},
{
"name": "31788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4286",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4286"
},
{
"name": "31202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31202"
},
{
"name": "easyindex-detaillist-sql-injection(45160)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45160"
},
{
"name": "6467",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6467"
},
{
"name": "31788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4169",
"datePublished": "2008-09-22T18:00:00.000Z",
"dateReserved": "2008-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:08:34.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1859 (GCVE-0-2008-1859)
Vulnerability from cvelistv5 – Published: 2008-04-16 19:00 – Updated: 2024-08-07 08:40
VLAI
Summary
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/29725 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5402 | exploitx_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2008/1137… | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/28669 | vdb-entryx_refsource_BID |
Date Public
2008-04-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:58.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29725"
},
{
"name": "5402",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "ADV-2008-1137",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1137/references"
},
{
"name": "socialware-events-sql-injection(41697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41697"
},
{
"name": "28669",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28669"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29725"
},
{
"name": "5402",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "ADV-2008-1137",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1137/references"
},
{
"name": "socialware-events-sql-injection(41697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41697"
},
{
"name": "28669",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28669"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29725"
},
{
"name": "5402",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "ADV-2008-1137",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1137/references"
},
{
"name": "socialware-events-sql-injection(41697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41697"
},
{
"name": "28669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28669"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1859",
"datePublished": "2008-04-16T19:00:00.000Z",
"dateReserved": "2008-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:40:58.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1790 (GCVE-0-2008-1790)
Vulnerability from cvelistv5 – Published: 2008-04-15 17:00 – Updated: 2024-08-07 08:32
VLAI
Summary
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/29725 | third-party-advisoryx_refsource_SECUNIA |
| https://www.exploit-db.com/exploits/5402 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/28670 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2008/1137… | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/44327 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-04-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29725"
},
{
"name": "5402",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "28670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28670"
},
{
"name": "ADV-2008-1137",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1137/references"
},
{
"name": "44327",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44327"
},
{
"name": "socialware-managesettings-file-upload(41751)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the \"Manage Settings\" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29725"
},
{
"name": "5402",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "28670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28670"
},
{
"name": "ADV-2008-1137",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1137/references"
},
{
"name": "44327",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44327"
},
{
"name": "socialware-managesettings-file-upload(41751)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41751"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the \"Manage Settings\" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29725"
},
{
"name": "5402",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "28670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28670"
},
{
"name": "ADV-2008-1137",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1137/references"
},
{
"name": "44327",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44327"
},
{
"name": "socialware-managesettings-file-upload(41751)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41751"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1790",
"datePublished": "2008-04-15T17:00:00.000Z",
"dateReserved": "2008-04-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:32:01.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1772 (GCVE-0-2008-1772)
Vulnerability from cvelistv5 – Published: 2008-04-14 15:00 – Updated: 2024-08-07 08:32
VLAI
Summary
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/29725 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/5402 | exploitx_refsource_EXPLOIT-DB |
| http://www.osvdb.org/44326 | vdb-entryx_refsource_OSVDB |
Date Public
2008-04-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:32:01.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29725"
},
{
"name": "socialware-password-info-disclosure(41812)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41812"
},
{
"name": "5402",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "44326",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/44326"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29725"
},
{
"name": "socialware-password-info-disclosure(41812)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41812"
},
{
"name": "5402",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "44326",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/44326"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29725"
},
{
"name": "socialware-password-info-disclosure(41812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41812"
},
{
"name": "5402",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5402"
},
{
"name": "44326",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44326"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1772",
"datePublished": "2008-04-14T15:00:00.000Z",
"dateReserved": "2008-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:32:01.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0911 (GCVE-0-2008-0911)
Vulnerability from cvelistv5 – Published: 2008-02-22 23:00 – Updated: 2024-08-07 08:01
VLAI
Summary
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/27916 | vdb-entryx_refsource_BID |
| https://www.exploit-db.com/exploits/5166 | exploitx_refsource_EXPLOIT-DB |
| http://secunia.com/advisories/29018 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2008-02-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27916"
},
{
"name": "5166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5166"
},
{
"name": "29018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27916"
},
{
"name": "5166",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5166"
},
{
"name": "29018",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27916"
},
{
"name": "5166",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5166"
},
{
"name": "29018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0911",
"datePublished": "2008-02-22T23:00:00.000Z",
"dateReserved": "2008-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:01:40.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5261 (GCVE-0-2007-5261)
Vulnerability from cvelistv5 – Published: 2007-10-06 17:00 – Updated: 2024-08-07 15:24
VLAI
Summary
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/4480 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/25895 | vdb-entryx_refsource_BID |
Date Public
2007-10-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:24:42.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "multicart-search-category-sql-injection(36927)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36927"
},
{
"name": "4480",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4480"
},
{
"name": "25895",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "multicart-search-category-sql-injection(36927)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36927"
},
{
"name": "4480",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4480"
},
{
"name": "25895",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25895"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multicart-search-category-sql-injection(36927)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36927"
},
{
"name": "4480",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4480"
},
{
"name": "25895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25895"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5261",
"datePublished": "2007-10-06T17:00:00.000Z",
"dateReserved": "2007-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:24:42.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}