11 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. PHP Scripts Mall PHP Multivendor Ecommerce contiene XSS mediante el parámetro chid1 en category.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. PHP Scripts Mall PHP Multivendor Ecommerce contiene inyección SQL mediante el parámetro usid en seller-view.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. PHP Scripts Mall PHP Multivendor Ecommerce contiene inyección SQL mediante el parámetro cusid en shopping-cart.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. PHP Scripts Mall PHP Multivendor Ecommerce contiene XSS mediante el parámetro usid en seller-view.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. PHP Scripts Mall PHP Multivendor Ecommerce contiene CSRF mediante admin/sellerupd.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/PHP%20Multivendor%20Ecommerce.md • CWE-352: Cross-Site Request Forgery (CSRF) •