
CVE Reference: CVE-2006-1888

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1888

Description: phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.

CVE Status: Candidate

References:
XF http://xforce.iss.net/xforce/xfdb/25892
ST 1015971
SREASON http://securityreason.com/securityalert/733
SAID Secunia Advisory: SA19705
MISC http://retrogod.altervista.org/phpgraphy_0911_adv.html
BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/431268/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/431128/100/0/threaded
BID 17567