Описание
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-3577
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35489
- http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
- http://osvdb.org/45759
- http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
- http://sla.ckers.org/forum/read.php?2,13209,13218
EPSS
CVE ID
Связанные уязвимости
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.
EPSS