ordermanagementscript CVE 脆弱性と CVE 一覧（8）

製品（CPE）: — CVE 件数: 8

ordermanagementscript 脆弱性概要

ordermanagementscript 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主にパス処理の欠陥 and vendor risk cross-site scripting などに関し、一部はファイル上書きを招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移（直近24か月）

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2018-6934	CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3.	[email protected]	8.8	0.49%	2018-04-12	2024-11-21
CVE-2017-17930	PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.	[email protected]	8.8	0.51%	2017-12-27	2026-05-13
CVE-2017-17929	PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.	[email protected]	4.8	0.54%	2017-12-27	2026-05-13
CVE-2017-17928	PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.	[email protected]	9.8	1.16%	2017-12-27	2026-05-13
CVE-2017-17927	PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.	[email protected]	5.3	1.51%	2017-12-27	2026-05-13
CVE-2017-17926	PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.	[email protected]	5.3	1.14%	2017-12-27	2026-05-13
CVE-2017-17925	PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.	[email protected]	4.8	0.54%	2017-12-27	2026-05-13
CVE-2017-17924	PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.	[email protected]	5.3	1.51%	2017-12-27	2026-05-13

cvelogic Threat Intelligence