Page 6 of 56 results (0.008 seconds)

CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-15187

https://notcve.org/view.php?id=CVE-2018-15187

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. PHP Scripts Mall advanced-real-estate-script 4.0.9 tiene Cross-Site Request Forgery (CSRF) mediante edit-profile.php. • https://gkaim.com/cve-2018-15187-vikas-chaudhary • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-7319 – Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection

https://notcve.org/view.php?id=CVE-2018-7319

SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter. Existe inyección SQL en el componente OS Property Real Estate 3.12.7 para Joomla! mediante los parámetros cooling_system1, heating_system1 o laundry. Joomla! • https://www.exploit-db.com/exploits/44165 https://exploit-db.com/exploits/44165 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-6796

https://notcve.org/view.php?id=CVE-2018-6796

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 tiene XSS persistente mediante cada campo de entrada de perfil. • https://exploit-db.com/exploits/43989 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-6364 – Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection

https://notcve.org/view.php?id=CVE-2018-6364

SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. Existe inyección SQL en Multilanguage Real Estate MLM Script hasta la versión 3.0 mediante el parámetro srch en /product-list.php. • https://www.exploit-db.com/exploits/43917 https://packetstormsecurity.com/files/146130/Multilanguage-Real-Estate-MLM-Script-3.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-5074

https://notcve.org/view.php?id=CVE-2018-5074

Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. Online Ticket Booking tiene Cross-Site Scripting (XSS) mediante el parámetro contact en admin/manageownerlist.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •