Security Vulnerabilities - CVEs Published In October 2017
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2017-10-29
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2017-10-29
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2017-10-29
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2017-10-29
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CVSS Score: 9.8 | EPSS Score: 0.182 | Published: 2017-10-29
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2017-10-29
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2017-10-29
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVSS Score: 9.8 | EPSS Score: 0.042 | Published: 2017-10-29
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVSS Score: 9.8 | EPSS Score: 0.042 | Published: 2017-10-29
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVSS Score: 9.8 | EPSS Score: 0.023 | Published: 2017-10-29

