Website Security Vulnerabilities
Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search...
6.1CVSS
6AI Score
0.001EPSS
PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation...
8.8CVSS
8.6AI Score
0.003EPSS
PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile...
5.4CVSS
5.3AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.003EPSS
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid...
9.8CVSS
9.9AI Score
0.002EPSS
9.8CVSS
9.9AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.002EPSS
9.8CVSS
9.8AI Score
0.003EPSS
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved...
8.8CVSS
9AI Score
0.006EPSS
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to...
8.8AI Score
0.001EPSS
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's...
6.7AI Score
0.002EPSS
SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID...
8.7AI Score
0.001EPSS
SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID...
8.7AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to...
8.8AI Score
0.001EPSS
SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id...
8.7AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to...
5.9AI Score
0.002EPSS
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote...
8.6AI Score
0.001EPSS
Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
7.7AI Score
0.007EPSS
SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id...
8.7AI Score
0.001EPSS
SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid...
8.8AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3)...
6AI Score
0.004EPSS
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename...
6.8AI Score
0.042EPSS
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid...
8.7AI Score
0.003EPSS
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid...
8.4AI Score
0.001EPSS
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid...
8.4AI Score
0.001EPSS
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid...
8.4AI Score
0.001EPSS
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid...
8.4AI Score
0.001EPSS
SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid...
8.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search...
5.7AI Score
0.003EPSS
wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary...
5.9AI Score
0.0004EPSS
Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by...
6AI Score
0.0004EPSS
SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid...
8.4AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to...
8.5AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error...
5.9AI Score
0.002EPSS
Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS...
7.2AI Score
0.009EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c)....
6.4AI Score
0.007EPSS
Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.php, (b) navigation/delete_menu.php, and (c)...
8.1AI Score
0.002EPSS
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password...
8.3AI Score
0.01EPSS
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2)...
7.7AI Score
0.209EPSS
Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
6.3AI Score
0.008EPSS
Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost...
5.7AI Score
0.006EPSS
SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost...
8.4AI Score
0.013EPSS
Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different.....
7.6AI Score
0.097EPSS
Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of...
8.5AI Score
0.004EPSS
PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH...
7.4AI Score
0.073EPSS
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party...
8.3AI Score
0.005EPSS
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir...
7.6AI Score
0.039EPSS
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5)...
7.6AI Score
0.145EPSS
PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path]...
7.5AI Score
0.1EPSS
Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b)...
9.1AI Score
0.001EPSS