5 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Readymade Video Sharing Script has CSRF via user-profile-edit.php. Readymade Video Sharing Script contiene CSRF mediante user-profile-edit.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. Readymade Video Sharing Script contiene inyección SQL mediante el parámetro chnlid en viewsubs.php o el parámetro search en search_video.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. Readymade Video Sharing Script contiene XSS mediante el parámetro search en search_video.php, el parámetro chnlid en viewsubs.php o el parámetro fname en user-profile-edit.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. Readymade Video Sharing Script 3.2 tiene una vulnerabilidad de inyección HTML mediante el parámetro comment en single-video-detail.php. Readymade Video Sharing Script version 3.2 suffers from a html injection vulnerability. • https://www.exploit-db.com/exploits/43333 https://packetstormsecurity.com/files/145438/Readymade-Video-Sharing-Script-3.2-HTML-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. Readymade Video Sharing Script 3.2 tiene una inyección SQL mediante el parámetro del array en single-video-detail.php. • https://www.exploit-db.com/exploits/43296 https://packetstormsecurity.com/files/145339/Readymade-Video-Sharing-Script-3.2-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •