Vulnerabilities > Vanguard Project > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-28 CVE-2017-17936 Cross-Site Request Forgery (CSRF) vulnerability in Vanguard Project Marketplace Digital products PHP
Vanguard Marketplace Digital Products PHP has CSRF via /search.
network
low complexity
vanguard-project CWE-352
8.8
8.8
2017-12-27 CVE-2017-17874 Unrestricted Upload of File with Dangerous Type vulnerability in Vanguard Project Marketplace Digital products PHP 1.4.0
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
network
low complexity
vanguard-project CWE-434
8.8
8.8