PhpWebLog Cross Site Scripting Network Vulnerability

Summary

The remote web server contains PHP scripts that are prone to several flaws, including possibly arbitrary code execution. Description : The remote host is running phpWebLog, a news and content management system written in PHP. Due to improper filtering done by 'search.php' a remote attacker can cause the phpWebLog product to include arbitrary HTML and/or JavaScript. An attacker may use this bug to perform a cross site scripting attack using the remote host. There are also reportedly two flaws that, if PHP's 'register_globals' setting is enabled, allow for local file disclosure and arbitrary code execution.

Solution

Disable this script.

References

http://www.securiteam.com/unixfocus/5GP0C1PF5W.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-0698

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

aeNovo Database Content Disclosure Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
Apache ActiveMQ Multiple Vulnerabilities
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Allaire JRun directory browsing vulnerability

phpWebLog Cross Site Scripting

Take action and discover your vulnerabilities