Описание
phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.
phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-1888
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25892
- http://retrogod.altervista.org/phpgraphy_0911_adv.html
- http://secunia.com/advisories/19705
- http://securityreason.com/securityalert/733
- http://securitytracker.com/id?1015971
- http://www.securityfocus.com/archive/1/431128/100/0/threaded
- http://www.securityfocus.com/archive/1/431268/100/0/threaded
- http://www.securityfocus.com/bid/17567
- http://www.vupen.com/english/advisories/2006/1379
EPSS
CVE ID
Связанные уязвимости
phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.
EPSS