SB2018083009 - Multiple vulnerabilities in PHP Script Mall

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018083009

SB2018083009 - Multiple vulnerabilities in PHP Script Mall

Published: August 30, 2018

Security Bulletin ID SB2018083009
Severity
Low
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Stored cross-site scripting (CVE-ID: CVE-2018-15896)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


2) Buffer overflow (CVE-ID: CVE-2018-15897)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to buffer overflow when handling malicious input. A remote attacker can send specially crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, trigger memory corruption and cause the application to crash.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References