Vulnerabilities > Advanced Real Estate Script Project > Advanced Real Estate Script > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-05 CVE-2019-20337 SQL Injection vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection.
6.5
2020-01-05 CVE-2019-20336 Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS.
4.3
2018-08-10 CVE-2018-15188 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile.
5.5
2018-08-10 CVE-2018-15187 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.
6.0
2018-01-03 CVE-2018-5073 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script
Online Ticket Booking has CSRF via admin/movieedit.php.
6.0