GCVE - cpe:2.3:a:iscripts:eswap:2.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:iscripts:eswap:2.4:*:*:*:*:*:*:*

part: a version: 2.4 update: *

Vendor	Iscripts (`e627fd69-3a15-533a-b5cb-7695a443f142`)
Product	Eswap (`97d504ff-b9ea-5a34-8871-a190256781d7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-11470`	vulnerable	2026-06-03 14:38:01.569332	Details available iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. Published: 2018-05-25T14:00:00.000Z Updated: 2024-09-17T00:21:12.463Z Open on db.gcve.eu Reference links https://github.com/hi-KK/CVE-Hunter/blob/master/3.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11373`	vulnerable	2026-06-03 14:38:01.418588	Details available iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. Published: 2018-05-22T17:00:00.000Z Updated: 2024-09-17T02:52:52.269Z Open on db.gcve.eu Reference links https://github.com/hi-KK/CVE-Hunter/blob/master/2.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11372`	vulnerable	2026-06-03 14:38:01.418213	Details available iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. Published: 2018-05-22T17:00:00.000Z Updated: 2024-09-16T19:10:23.165Z Open on db.gcve.eu Reference links https://github.com/hi-KK/CVE-Hunter/blob/master/1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10135`	vulnerable	2026-06-03 14:37:53.143443	Details available iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. Published: 2018-04-16T17:00:00.000Z Updated: 2024-09-17T03:38:53.871Z Open on db.gcve.eu Reference links https://pastebin.com/vVN00qRh	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10050`	vulnerable	2026-06-03 14:37:53.059212	Details available iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel. Published: 2018-04-11T20:00:00.000Z Updated: 2024-09-17T04:25:41.071Z Open on db.gcve.eu Reference links https://pastebin.com/UDEsFq3u	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10049`	vulnerable	2026-06-03 14:37:53.058903	Details available iScripts eSwap v2.4 has XSS via the "registration_settings.php" txtDate parameter in the Admin Panel. Published: 2018-04-11T20:00:00.000Z Updated: 2024-09-16T16:24:11.122Z Open on db.gcve.eu Reference links https://pastebin.com/QbhRJp4q	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10048`	vulnerable	2026-06-03 14:37:53.058524	Details available iScripts eSwap v2.4 has CSRF via "registration_settings.php" in the Admin Panel. Published: 2018-04-11T20:00:00.000Z Updated: 2024-09-16T19:30:28.201Z Open on db.gcve.eu Reference links https://pastebin.com/RVdpLAT8	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.