CVE-2018-20633
Published 2019-03-21
CVE-2018-20633: PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
Priority: P432, high, 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.65% (46.5th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advance_b2b_script_project | advance_b2b_script | — | — |
| msrc | azl3_patch_2.7.6-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_patch_2.7.6-8_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_patch_2.7.6-7_on_cbl_mariner_1.0 | — | — |
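CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | n/a | 7.5 | HIGH | n/a |
| vendor_msrc | n/a | 5.5 | MEDIUM | n/a |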
GHSA
GHSA-8gjf-m234-wgjp: PHP Scripts Mall Advance B2B Script 2
ghsa_unreviewed·2022-05-14
CVE-2018-20633 [HIGH] CWE-352 GHSA-8gjf-m234-wgjp: PHP Scripts Mall Advance B2B Script 2
PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.
Microsoft
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exi
vendor_msrc·2020-03-10·CVSS 5.5
CVE-2019-20633 [HIGH] CWE-415 GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exi
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to ad
Red Hat
patch: double free in another_hunk function in pch.c
vendor_redhat·2019-07-28·CVSS 7.5
CVE-2019-20633 [HIGH] CWE-416 patch: double free in another_hunk function in pch.c
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
A vulnerability was found in GNU Patch due to a double-free issue in the another_hunk function within pch.c, where an attacker could exploit this flaw to cause memory corruption, leading the application to crash and resulting in a denial of service.
Statement: This vulnerability was rated as LOW severity because it causes the application to crash; it doesn’t compromise system security, but it can disrupt the application's normal function.
Package: patch (Red Hat Enterprise Linux 5) - Out of
No detection rules found.
No public exploits indexed.
Published: 2019-03-21