CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-7319 – Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-7319
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter. Existe inyección SQL en el componente OS Property Real Estate 3.12.7 para Joomla! mediante los parámetros cooling_system1, heating_system1 o laundry. Joomla! • https://www.exploit-db.com/exploits/44165 https://exploit-db.com/exploits/44165 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6796
https://notcve.org/view.php?id=CVE-2018-6796
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field. PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 tiene XSS persistente mediante cada campo de entrada de perfil. • https://exploit-db.com/exploits/43989 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-6364 – Multilanguage Real Estate MLM Script 3.0 - 'srch' SQL Injection
https://notcve.org/view.php?id=CVE-2018-6364
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter. Existe inyección SQL en Multilanguage Real Estate MLM Script hasta la versión 3.0 mediante el parámetro srch en /product-list.php. • https://www.exploit-db.com/exploits/43917 https://packetstormsecurity.com/files/146130/Multilanguage-Real-Estate-MLM-Script-3.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5074
https://notcve.org/view.php?id=CVE-2018-5074
Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. Online Ticket Booking tiene Cross-Site Scripting (XSS) mediante el parámetro contact en admin/manageownerlist.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5073
https://notcve.org/view.php?id=CVE-2018-5073
Online Ticket Booking has CSRF via admin/movieedit.php. Online Ticket Booking tiene Cross-Site Request Forgery (CSRF) en admin/movieedit.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Advanced%20Real%20Estate%20Script.md • CWE-352: Cross-Site Request Forgery (CSRF) •