Jce-tech : Security Vulnerabilities, CVEs, Published In 2010
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-06-25
Updated
2017-08-17
SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2010-06-25
Updated
2017-08-17
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
Max CVSS
5.0
EPSS Score
0.23%
Published
2010-01-22
Updated
2010-01-25
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
Max CVSS
4.3
EPSS Score
0.42%
Published
2010-01-21
Updated
2017-08-17
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.20%
Published
2010-01-21
Updated
2017-08-17
5 vulnerabilities found