Back to search
CVE-2005-0870
Published: Mar 26, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
17616
third-party-advisory
x_refsource_SECUNIA
MDKSA-2005:212
vendor-advisory
x_refsource_MANDRIVA
15414
vdb-entry
x_refsource_BID
14690
third-party-advisory
x_refsource_SECUNIA
DSA-898
vendor-advisory
x_refsource_DEBIAN
20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities
mailing-list
x_refsource_BUGTRAQ
phpsysinfo-sensor-program-xss(19807)
vdb-entry
x_refsource_XF
20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
mailing-list
x_refsource_BUGTRAQ
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118
x_refsource_MISC
12887
vdb-entry
x_refsource_BID
DSA-897
vendor-advisory
x_refsource_DEBIAN
DSA-724
vendor-advisory
x_refsource_DEBIAN
DSA-899
vendor-advisory
x_refsource_DEBIAN
17643
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now