Monthly Archive: December 2017

FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43243/ https://packetstormsecurity.com/files/145253/FS-Quibids-Clone-1.0-SQL-Injection.html

FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43249/ https://packetstormsecurity.com/files/145307/FS-Linkedin-Clone-1.0-SQL-Injection.html

FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43255/ https://packetstormsecurity.com/files/145317/FS-Freelancer-Clone-1.0-SQL-Injection.html

FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43257/ https://packetstormsecurity.com/files/145301/FS-Crowdfunding-Script-1.0-SQL-Injection.html

FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43260/ https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html

FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43254/ https://packetstormsecurity.com/files/145316/FS-Gigs-Script-1.0-SQL-Injection.html

FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43253/ https://packetstormsecurity.com/files/145315/FS-Groupon-Clone-1.0-SQL-Injection.html

FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43258/ https://packetstormsecurity.com/files/145302/FS-Care-Clone-1.0-SQL-Injection.html

FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43256/ https://packetstormsecurity.com/files/145319/FS-Ebay-Clone-1.0-SQL-Injection.html

FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43259/ https://packetstormsecurity.com/files/145303/FS-Amazon-Clone-1.0-SQL-Injection.html

FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43262/ https://packetstormsecurity.com/files/145298/FS-Foodpanda-Clone-1.0-SQL-Injection.html

FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. Date published : 2017-12-13 https://www.exploit-db.com/exploits/43261/ https://packetstormsecurity.com/files/145297/FS-Expedia-Clone-1.0-SQL-Injection.html

Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. Date published : 2017-12-13 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade%20Classifieds%20Script.md

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. Date published : 2017-12-13 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade%20Classifieds%20Script.md