Filtered by vendor Itechscripts
Subscribe
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-20138 | 1 Itechscripts | 1 Auction Script | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). It is possible to initiate the attack remotely. | |||||
CVE-2017-20137 | 1 Itechscripts | 1 B2b Script | 2024-11-21 | 5.0 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20136 | 1 Itechscripts | 1 Classifieds Script | 2024-11-21 | 5.0 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20135 | 1 Itechscripts | 1 Dating Script | 2024-11-21 | N/A | 6.3 MEDIUM |
A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20134 | 1 Itechscripts | 1 Freelancer Script | 2024-11-21 | N/A | 6.3 MEDIUM |
A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20133 | 1 Itechscripts | 1 Job Portal Script | 2024-11-21 | N/A | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. This affects an unknown part of the file /admin. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. | |||||
CVE-2017-20132 | 1 Itechscripts | 1 Multi Vendor Script | 2024-11-21 | N/A | 6.3 MEDIUM |
A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20131 | 1 Itechscripts | 1 News Portal Script | 2024-11-21 | N/A | 6.3 MEDIUM |
A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20130 | 1 Itechscripts | 1 Real Estate Script | 2024-11-21 | N/A | 6.3 MEDIUM |
A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_property.php. The manipulation of the argument property_for leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-15963 | 1 Itechscripts | 1 Gigs Script | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | |||||
CVE-2014-100020 | 1 Itechscripts | 1 Itechclassifieds | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | |||||
CVE-2012-4281 | 1 Itechscripts | 1 Travelon Express | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php. | |||||
CVE-2012-4266 | 1 Itechscripts | 1 Proman Xpress | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-4265 | 1 Itechscripts | 1 Proman Xpress | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2012-2939 | 1 Itechscripts | 1 Travelon Express | 2024-11-21 | 6.5 MEDIUM | N/A |
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php. | |||||
CVE-2012-2938 | 1 Itechscripts | 1 Travelon Express | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php. | |||||
CVE-2009-3968 | 1 Itechscripts | 1 Itechbids | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238. | |||||
CVE-2008-4872 | 1 Itechscripts | 1 Itechbids | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3238 | 1 Itechscripts | 1 Itechbids | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php. | |||||
CVE-2008-3237 | 1 Itechscripts | 1 Itechbids | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter. |