A vulnerability has been found in PHP Scripts Mall Website Seller Script 2.0.5 (Programming Language Software) and classified as problematic. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect availability. CVE summarizes:

PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated by crossPwn.

The bug was discovered 08/26/2018. The weakness was published 08/28/2018 (Website). The advisory is shared for download at gkaim.com. This vulnerability was named CVE-2018-15897 since 08/26/2018. The exploitation appears to be easy. The attack can be initiated remotely. The successful exploitation requires a single authentication. There are neither technical details nor an exploit publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entry is available at 123339.

Productinfo

Type

• Programming Language Software

Vendor

• PHP Scripts Mall

Name

• Website Seller Script

Version

• 2.0.5

License

• free

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion