CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Vanguard Project 1Marketplace Digital Products Php May 13, 2026 Dec 28, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. |
1Vanguard Project 1Marketplace Digital Products Php May 13, 2026 Dec 28, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Vanguard Marketplace Digital Products PHP has CSRF via /search. |
1Vanguard Project 1Marketplace Digital Products Php May 13, 2026 Dec 27, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. |
1Vanguard Project 1Marketplace Digital Products Php May 13, 2026 Dec 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. |