Keyone

**Name of the Vulnerable Software and Affected Versions** iScripts eSwap version 2.4 **Description** The issue is related to SQL injection via the `search.php` API endpoint, specifically the `Told` parameter in the User Panel. **Recommendations** For iScripts eSwap version 2.4, consider restricting access to the `search.php` endpoint or avoiding the use of the `Told` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** iScripts eSwap version 2.4 **Description** The issue is related to SQL injection via the `ToId` parameter in the `wishlistdetailed.php` User Panel. **Recommendations** For iScripts eSwap version 2.4, avoid using the `ToId` parameter in the `wishlistdetailed.php` User Panel until the issue is resolved. Consider restricting access to the `wishlistdetailed.php` page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iScripts eSwap version 2.4 **Description** The issue is related to SQL injection via the `ToId` parameter in the "salelistdetailed.php" User Panel. **Recommendations** For iScripts eSwap version 2.4, consider restricting access to the `ToId` parameter in the "salelistdetailed.php" User Panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.