Vanguard Project Marketplace Digital Products Php vulnerabilities
4 known vulnerabilities affecting vanguard_project/marketplace_digital_products_php.
Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2017-17874P3HIGHCVSS 8.8PoCv1.4.02017-12-27
CVE-2017-17874 [HIGH] CWE-434 CVE-2017-17874: Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
nvd
CVE-2017-17873P3CRITICALCVSS 9.8PoCv1.4.02017-12-27
CVE-2017-17873 [CRITICAL] CWE-89 CVE-2017-17873: Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
nvd
CVE-2017-17936P4HIGHCVSS 8.8≤ 1.92017-12-28
CVE-2017-17936 [HIGH] CWE-352 CVE-2017-17936: Vanguard Marketplace Digital Products PHP has CSRF via /search.
Vanguard Marketplace Digital Products PHP has CSRF via /search.
nvd
CVE-2017-17937P4MEDIUMCVSS 6.1≤ 1.92017-12-28
CVE-2017-17937 [MEDIUM] CWE-79 CVE-2017-17937: Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.
nvd