Cpe Name:
cpe:2.3:a:paid_to_read_script_project:paid_to_read_script:2.0.5:*:*:*:*:*:*:*
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2017-17779 |
89 |
|
Sql |
2017-12-20 |
2018-01-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. |
2 |
CVE-2017-17778 |
79 |
|
XSS |
2017-12-20 |
2018-01-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. |
3 |
CVE-2017-17777 |
287 |
|
Bypass |
2017-12-20 |
2018-01-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. |
4 |
CVE-2017-17776 |
200 |
|
+Info |
2017-12-20 |
2018-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. |
5 |
CVE-2017-17651 |
89 |
|
Sql |
2017-12-18 |
2018-01-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. |
Total number of vulnerabilities :
5
Page :
1
(This Page)