Ordermanagementscript Professional Service Script — known CVE vulnerabilities
Every CVE whose affected-product data names Ordermanagementscript Professional Service Script, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2017-17930 — CVSS 8.8 (high): PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user…
CVE-2017-17924 — CVSS 5.3 (medium): PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to…
CVE-2017-17927 — CVSS 5.3 (medium): PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to…
CVE-2017-17926 — CVSS 5.3 (medium): PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with…