scriptsfeed 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2010-5039 | SQL injection vulnerability in control/admin_login.php in ScriptsFeed Recipes Listing Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter (aka the UserName field). NOTE: some of these details are obtained from third party information. | [email protected] | 7.5 | 1.05% | 2011-11-02 | 2026-04-29 |
| CVE-2010-2906 | SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905. | [email protected] | 7.5 | 0.96% | 2010-07-28 | 2026-04-29 |
| CVE-2010-2905 | SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 0.97% | 2010-07-28 | 2026-04-29 |
| CVE-2010-1096 | Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 7.5 | 1.05% | 2010-03-24 | 2026-04-29 |
| CVE-2010-1092 | Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters. | [email protected] | 7.5 | 1.15% | 2010-03-24 | 2026-04-29 |
| CVE-2008-6944 | Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/. | [email protected] | 6.5 | 3.95% | 2009-08-12 | 2026-04-23 |
| CVE-2008-6943 | Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/. | [email protected] | 6.5 | 3.95% | 2009-08-12 | 2026-04-23 |
| CVE-2008-6942 | Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. | [email protected] | 6.5 | 3.95% | 2009-08-12 | 2026-04-23 |