CyberSec.Space Logo
Back to CVE Browser

CVE-2017-17624

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0330%
EPSS Percentile17.84th
PublishedDec 13, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.

Affected Platforms (CPE)

πŸ“¦
Php Multivendor Ecommerce Project

Php Multivendor Ecommerce

= 1.0

References & Advisories

πŸ”— https://packetstormsecurity.com/files/145336/PHP-Multivendor-Ecommerce-1.0-SQL-Injection.html
πŸ”— https://www.exploit-db.com/exploits/43293/
πŸ”— https://packetstormsecurity.com/files/145336/PHP-Multivendor-Ecommerce-1.0-SQL-Injection.html
πŸ”— https://www.exploit-db.com/exploits/43293/

Related Vulnerabilities

CVE-2017-179579.8

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.

CVE-2017-179599.8

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.

CVE-2017-179519.8

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.

CVE-2017-179608.8

PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.