Aggregates CVE and security vulnerability intelligence across all iscripts-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, vendor risk csrf, and vendor risk path handling and related problems; some flaws may lead to vendor impact data exposure.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2010-4980 | SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | [email protected] | 7.5 | 2.42% | 2011-11-01 | 2026-06-16 |
| CVE-2010-2853 | SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | [email protected] | 7.5 | 1.19% | 2010-07-24 | 2026-06-16 |
| CVE-2010-2624 | Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php. | [email protected] | 7.5 | 1.15% | 2010-07-02 | 2026-06-16 |
| CVE-2008-4169 | SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter. | [email protected] | 7.5 | 1.04% | 2008-09-22 | 2026-06-16 |
| CVE-2008-1859 | SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | [email protected] | 7.5 | 1.04% | 2008-04-16 | 2026-06-16 |
| CVE-2008-1790 | Unrestricted file upload vulnerability in iScripts SocialWare allows remote authenticated administrators to upload arbitrary files via a crafted logo file in the "Manage Settings" functionality. NOTE: remote exploitation is facilitated by a separate SQL injection vulnerability. | [email protected] | 6.5 | 1.08% | 2008-04-15 | 2026-06-16 |
| CVE-2008-1772 | iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. | [email protected] | 5.0 | 2.48% | 2008-04-14 | 2026-06-16 |
| CVE-2008-0911 | SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter. | [email protected] | 6.5 | 0.86% | 2008-02-22 | 2026-06-16 |
| CVE-2007-5261 | Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php. | [email protected] | 6.4 | 2.00% | 2007-10-06 | 2026-06-16 |