CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17891
https://notcve.org/view.php?id=CVE-2017-17891
Readymade Video Sharing Script has CSRF via user-profile-edit.php. Readymade Video Sharing Script contiene CSRF mediante user-profile-edit.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17892
https://notcve.org/view.php?id=CVE-2017-17892
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. Readymade Video Sharing Script contiene inyección SQL mediante el parámetro chnlid en viewsubs.php o el parámetro search en search_video.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-17893
https://notcve.org/view.php?id=CVE-2017-17893
Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. Readymade Video Sharing Script contiene XSS mediante el parámetro search en search_video.php, el parámetro chnlid en viewsubs.php o el parámetro fname en user-profile-edit.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2017-17649 – Readymade Video Sharing Script 3.2 - HTML Injection
https://notcve.org/view.php?id=CVE-2017-17649
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. Readymade Video Sharing Script 3.2 tiene una vulnerabilidad de inyección HTML mediante el parámetro comment en single-video-detail.php. Readymade Video Sharing Script version 3.2 suffers from a html injection vulnerability. • https://www.exploit-db.com/exploits/43333 https://packetstormsecurity.com/files/145438/Readymade-Video-Sharing-Script-3.2-HTML-Injection.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-17627 – Readymade Video Sharing Script 3.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-17627
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. Readymade Video Sharing Script 3.2 tiene una inyección SQL mediante el parámetro del array en single-video-detail.php. • https://www.exploit-db.com/exploits/43296 https://packetstormsecurity.com/files/145339/Readymade-Video-Sharing-Script-3.2-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •