SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
Max CVSS
9.8
EPSS Score
0.24%
Published
2018-01-29
Updated
2018-02-14
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
Max CVSS
9.8
EPSS Score
0.28%
Published
2017-10-31
Updated
2017-11-18
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
Max CVSS
9.8
EPSS Score
0.29%
Published
2017-10-29
Updated
2017-11-17
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
Max CVSS
7.5
EPSS Score
0.13%
Published
2015-03-20
Updated
2015-03-23
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.
Max CVSS
4.3
EPSS Score
1.57%
Published
2013-08-19
Updated
2013-08-20
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
Max CVSS
7.5
EPSS Score
0.45%
Published
2013-08-19
Updated
2013-08-20
SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.
Max CVSS
7.5
EPSS Score
0.08%
Published
2013-01-31
Updated
2017-08-29
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2012-02-02
Updated
2017-08-29
SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.
Max CVSS
7.5
EPSS Score
0.14%
Published
2009-09-30
Updated
2017-08-17
SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2009-09-30
Updated
2009-10-01
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-09-30
Updated
2009-10-01
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.
Max CVSS
7.5
EPSS Score
0.19%
Published
2009-09-30
Updated
2009-10-01
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-02-20
Updated
2017-09-29
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
Max CVSS
7.5
EPSS Score
0.29%
Published
2008-09-22
Updated
2017-09-29
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-09-11
Updated
2017-09-29
SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-09-11
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
Max CVSS
4.3
EPSS Score
0.48%
Published
2008-05-19
Updated
2017-09-29
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!