Lucene search

Paid To Read Script Project Security Vulnerabilities

cve

CVE-2017-17651

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.

9.8CVSS

9.9AI Score

0.002EPSS

2017-12-18 09:29 AM

cve

CVE-2017-17776

Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.

5.3CVSS

5.3AI Score

0.001EPSS

2017-12-20 03:29 AM

cve

CVE-2017-17777

Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.

9.8CVSS

9.4AI Score

0.007EPSS

2017-12-20 03:29 AM

cve

CVE-2017-17778

Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2017-12-20 03:29 AM

cve

CVE-2017-17779

Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.

9.8CVSS

9.8AI Score

0.002EPSS

2017-12-20 03:29 AM