CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3975 – ScriptAndTools eCommerce-website-in-PHP subscriber-csv.php information disclosure
https://notcve.org/view.php?id=CVE-2025-3975
27 Apr 2025 — A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.306311 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3557 – ScriptAndTools eCommerce-website-in-PHP cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-3557
14 Apr 2025 — A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.304598 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3556 – ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication
https://notcve.org/view.php?id=CVE-2025-3556
14 Apr 2025 — A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. • https://vuldb.com/?id.304597 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-799: Improper Control of Interaction Frequency •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3555 – ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication
https://notcve.org/view.php?id=CVE-2025-3555
14 Apr 2025 — A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://vuldb.com/?id.304596 • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-799: Improper Control of Interaction Frequency •