Every CVE whose affected-product data names Php Multivendor Ecommerce Project Php Multivendor Ecommerce, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2017-17624 — CVSS 9.8 (critical): PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
CVE-2017-17952 — CVSS 8.6 (high): PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with…