A vulnerability was found in PHP Scripts Mall Opensource Classified Ads Script 3.2.2 (Programming Language Software). It has been declared as problematic. This vulnerability affects some unknown functionality of the component Search Form. The manipulation with an unknown input leads to a injection vulnerability. The CWE definition for the vulnerability is CWE-74. The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. As an impact it is known to affect integrity. CVE summarizes:

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.

The bug was discovered 12/30/2018. The weakness was shared 03/21/2019. This vulnerability was named CVE-2019-7435 since 02/05/2019. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1055.

The vulnerability was handled as a non-public zero-day exploit for at least 81 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries 132066 and 132065 are related to this item.

Productinfo

Type

• Programming Language Software

Vendor

• PHP Scripts Mall

Name

• Opensource Classified Ads Script

Version

• 3.2.2

License

• free

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion