Vulnerabilities for Marketplace digital products php (...) - CXSECURITY.COM

Vulnerabilities for
'Marketplace digital products php'

2017-12-28

CVE-2017-17937

CWE-79

Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.

CVE-2017-17936

CWE-352

Vanguard Marketplace Digital Products PHP has CSRF via /search.

2017-12-27

CVE-2017-17874

CWE-434

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

CVE-2017-17873

CWE-89

Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.

>>> Vendor: Vanguard project 2 Products

Marketplace digital products php

Copyright 2024, cxsecurity.com