Aggregates CVE and security vulnerability intelligence across all itechscripts-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact data exposure and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-20138 | A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the input 4' AND 1734=1734 AND 'Ggks'='Ggks leads to sql injection (Blind). It is possible to initiate the attack remotely. | [email protected] | 6.3 | 0.53% | 2022-07-16 | 2026-06-16 |
| CVE-2017-20137 | A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.3 | 0.58% | 2022-07-16 | 2026-06-16 |
| CVE-2017-20136 | A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.3 | 0.58% | 2022-07-16 | 2026-06-16 |
| CVE-2017-20135 | A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.3 | 0.76% | 2022-07-16 | 2026-06-16 |
| CVE-2017-20134 | A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument sk leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.3 | 0.69% | 2022-07-16 | 2026-06-16 |
| CVE-2017-20133 | A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. This affects an unknown part of the file /admin. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. | [email protected] | 7.3 | 0.60% | 2022-07-16 | 2026-06-16 |
| CVE-2017-20132 | A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.3 | 0.69% | 2022-07-16 | 2026-06-16 |
| CVE-2017-20131 | A vulnerability was found in Itech News Portal 6.28. It has been classified as critical. Affected is an unknown function of the file /news-portal-script/information.php. The manipulation of the argument inf leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.3 | 0.77% | 2022-07-16 | 2026-06-16 |
| CVE-2017-20130 | A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_property.php. The manipulation of the argument property_for leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 6.3 | 0.77% | 2022-07-16 | 2026-06-16 |
| CVE-2017-15963 | iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. | [email protected] | 9.8 | 2.07% | 2017-10-29 | 2026-06-16 |
| CVE-2014-100020 | SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | [email protected] | 7.5 | 1.31% | 2015-01-13 | 2026-06-16 |
| CVE-2012-4281 | Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php. | [email protected] | 7.5 | 2.16% | 2012-08-13 | 2026-06-16 |
| CVE-2012-4266 | Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information. | [email protected] | 4.3 | 1.65% | 2012-08-13 | 2026-06-16 |
| CVE-2012-4265 | SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | [email protected] | 7.5 | 1.01% | 2012-08-13 | 2026-06-16 |
| CVE-2012-2939 | Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php. | [email protected] | 6.5 | 3.89% | 2012-05-27 | 2026-06-16 |
| CVE-2012-2938 | Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php. | [email protected] | 4.3 | 1.81% | 2012-05-27 | 2026-06-16 |
| CVE-2009-3968 | Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238. | [email protected] | 7.5 | 0.93% | 2009-11-18 | 2026-06-16 |
| CVE-2008-4872 | Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 4.3 | 0.84% | 2008-10-31 | 2026-06-16 |
| CVE-2008-3238 | Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php. | [email protected] | 7.5 | 1.20% | 2008-07-21 | 2026-06-16 |
| CVE-2008-3237 | Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter. | [email protected] | 4.3 | 1.72% | 2008-07-21 | 2026-06-16 |