Skip to main content

Eswap

7 CVEs product

Monthly

CVE-2018-11470 HIGH POC This Week

iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11373 CRITICAL POC Act Now

iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-11372 CRITICAL POC Act Now

iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-10135 MEDIUM POC This Month

iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eswap
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10050 HIGH POC This Week

iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-10049 MEDIUM POC This Month

iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eswap
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-10048 HIGH POC This Week

iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Eswap
NVD
CVSS 3.0
8.8
EPSS
0.5%
EPSS 1% CVSS 8.8
HIGH POC This Week

iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eswap
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eswap
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Eswap
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy