Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
Max CVSS
6.4
EPSS Score
0.11%
Published
2007-10-06
Updated
2017-09-29
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
Max CVSS
6.5
EPSS Score
0.07%
Published
2008-02-22
Updated
2017-09-29
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information.
Max CVSS
5.0
EPSS Score
0.15%
Published
2008-04-14
Updated
2017-09-29
Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability.
Max CVSS
6.5
EPSS Score
0.30%
Published
2008-04-15
Updated
2017-09-29
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
Max CVSS
7.5
EPSS Score
0.25%
Published
2008-04-16
Updated
2017-09-29
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-09-22
Updated
2017-09-29
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2010-07-02
Updated
2018-10-10
SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2010-07-25
Updated
2017-08-17
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2011-11-01
Updated
2018-10-10
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2011-11-01
Updated
2018-10-10
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2011-11-02
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.66%
Published
2011-11-02
Updated
2017-08-29
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
Max CVSS
7.5
EPSS Score
0.55%
Published
2011-11-02
Updated
2017-08-29
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
Max CVSS
7.5
EPSS Score
0.17%
Published
2013-12-20
Updated
2017-08-29
Multiple directory traversal vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to read arbitrary files via the (1) tmpid parameter to websitebuilder/showtemplateimage.php, (2) fname parameter to admin/downloadfile.php, or (3) id parameter to support/admin/csvdownload.php; or (4) have an unspecified impact via unspecified vectors in support/parser/main_smtp.php.
Max CVSS
5.0
EPSS Score
2.63%
Published
2013-12-20
Updated
2017-08-29
iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php.
Max CVSS
6.1
EPSS Score
0.26%
Published
2018-04-04
Updated
2018-05-02
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field.
Max CVSS
5.4
EPSS Score
0.12%
Published
2018-04-04
Updated
2018-05-02
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field.
Max CVSS
5.4
EPSS Score
0.12%
Published
2018-04-04
Updated
2018-05-02
iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel.
Max CVSS
8.8
EPSS Score
0.09%
Published
2018-04-11
Updated
2018-05-09
iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel.
Max CVSS
4.8
EPSS Score
0.06%
Published
2018-04-11
Updated
2018-05-09
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
Max CVSS
7.2
EPSS Score
0.07%
Published
2018-04-11
Updated
2018-05-09
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.
Max CVSS
5.4
EPSS Score
0.06%
Published
2018-04-11
Updated
2018-05-09
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.
Max CVSS
4.8
EPSS Score
0.06%
Published
2018-04-11
Updated
2018-05-09
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-04-16
Updated
2018-05-17
iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-04-16
Updated
2018-05-21
29 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!