Vulnerabilities (CVE)

Filtered by vendor Itechscripts Subscribe
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-20138 1 Itechscripts 1 Auction Script 2024-11-21 7.5 HIGH 6.3 MEDIUM
A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). It is possible to initiate the attack remotely.
CVE-2017-20137 1 Itechscripts 1 B2b Script 2024-11-21 5.0 MEDIUM 6.3 MEDIUM
A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20136 1 Itechscripts 1 Classifieds Script 2024-11-21 5.0 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20135 1 Itechscripts 1 Dating Script 2024-11-21 N/A 6.3 MEDIUM
A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20134 1 Itechscripts 1 Freelancer Script 2024-11-21 N/A 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20133 1 Itechscripts 1 Job Portal Script 2024-11-21 N/A 7.3 HIGH
A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. This affects an unknown part of the file /admin. The manipulation leads to improper authentication. It is possible to initiate the attack remotely.
CVE-2017-20132 1 Itechscripts 1 Multi Vendor Script 2024-11-21 N/A 6.3 MEDIUM
A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20131 1 Itechscripts 1 News Portal Script 2024-11-21 N/A 6.3 MEDIUM
A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20130 1 Itechscripts 1 Real Estate Script 2024-11-21 N/A 6.3 MEDIUM
A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_property.php. The manipulation of the argument property_for leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-15963 1 Itechscripts 1 Gigs Script 2024-11-21 7.5 HIGH 9.8 CRITICAL
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
CVE-2014-100020 1 Itechscripts 1 Itechclassifieds 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
CVE-2012-4281 1 Itechscripts 1 Travelon Express 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.
CVE-2012-4266 1 Itechscripts 1 Proman Xpress 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-4265 1 Itechscripts 1 Proman Xpress 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2012-2939 1 Itechscripts 1 Travelon Express 2024-11-21 6.5 MEDIUM N/A
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
CVE-2012-2938 1 Itechscripts 1 Travelon Express 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
CVE-2009-3968 1 Itechscripts 1 Itechbids 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
CVE-2008-4872 1 Itechscripts 1 Itechbids 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3238 1 Itechscripts 1 Itechbids 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.
CVE-2008-3237 1 Itechscripts 1 Itechbids 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.