RSS   Vulnerabilities for
'Marketplace digital products php'
   RSS

2017-12-28
 
CVE-2017-17937

CWE-79
 

 
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.

 
 
CVE-2017-17936

CWE-352
 

 
Vanguard Marketplace Digital Products PHP has CSRF via /search.

 
2017-12-27
 
CVE-2017-17874

CWE-434
 

 
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

 
 
CVE-2017-17873

CWE-89
 

 
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.

 


Copyright 2018, cxsecurity.com

 

Back to Top