Vulnerabilities > Advance B2B Script Project

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2018-20635 Path Traversal vulnerability in Advance B2B Script Project Advance B2B Script 2.1.4
PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
network
low complexity
advance-b2b-script-project CWE-22
4.3
4.3
2019-03-21 CVE-2018-20634 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advance B2B Script Project Advance B2B Script 2.1.4
PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.
network
low complexity
advance-b2b-script-project CWE-119
6.5
6.5
2019-03-21 CVE-2018-20633 Cross-Site Request Forgery (CSRF) vulnerability in Advance B2B Script Project Advance B2B Script 2.1.4
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
network
low complexity
advance-b2b-script-project CWE-352
8.8
8.8
2019-03-21 CVE-2018-20632 Cross-site Scripting vulnerability in Advance B2B Script Project Advance B2B Script 2.1.4
PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.
network
low complexity
advance-b2b-script-project CWE-79
5.4
5.4
2017-12-13 CVE-2017-17602 SQL Injection vulnerability in Advance B2B Script Project Advance B2B Script 2.1.3
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
network
low complexity
advance-b2b-script-project CWE-89
critical
 9.8
9.8