Summary
The remote web server contains PHP scripts that are prone to several flaws, including possibly arbitrary code execution.
Description
The remote host is running phpWebLog, a news and content management system written in PHP.
Because 'search.php' does not properly filter its input, a remote attacker can cause phpWebLog to include arbitrary HTML and/or JavaScript in its output. An attacker may use this bug to perform a cross-site scripting attack through the remote host. There are also reportedly two flaws that, if PHP's 'register_globals' setting is enabled, allow local file disclosure and arbitrary code execution.
Solution
Disable this script.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2005-0698
CVSS Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)