Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In March 2019
CVE-2018-20628
PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-03-21
CVE-2018-20629
PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-03-21
CVE-2018-20630
PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-03-21
CVE-2018-20631
PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-03-21
CVE-2018-20632
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-03-21
CVE-2018-20633
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-03-21
CVE-2018-20634
PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-03-21
CVE-2018-20635
PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-03-21
CVE-2018-20636
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-03-21
CVE-2018-20637
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.
CVSS Score
6.5
EPSS Score
0.005
Published
2019-03-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved