RSS   Vulnerabilities for 'Posty readymade classifieds'   RSS

2017-12-13
 
CVE-2017-17569

CWE-79
 

 
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.

 
 
CVE-2017-17568

CWE-732
 

 
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.

 
 
CVE-2017-17567

CWE-89
 

 
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.

 
2017-12-11
 
CVE-2017-17111

CWE-89
 

 
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.

 


Copyright 2024, cxsecurity.com

 

Back to Top