Security Vulnerabilities - CVEs Published In February 2019
PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-02-23
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file.
CVSS Score
5.3
EPSS Score
0.001
Published
2019-02-23
PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-02-23
PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-02-23
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-23
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-23
An issue was discovered in Pluck 4.7.9-dev1. It allows administrators to execute arbitrary code by using action=installmodule to upload a ZIP archive, which is then extracted and executed.
CVSS Score
7.2
EPSS Score
0.009
Published
2019-02-23
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-23
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-02-23
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-02-23