1. CVE-Search
  2. CVE-2005-0870
ID CVE-2005-0870
Summary Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
References
Vulnerable Configurations
  • cpe:2.3:a:phpsysinfo:phpsysinfo:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:phpsysinfo:phpsysinfo:2.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid
  • 12887
  • 15414
bugtraq
  • 20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities
  • 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
debian
  • DSA-724
  • DSA-897
  • DSA-898
  • DSA-899
mandriva MDKSA-2005:212
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118
secunia
  • 14690
  • 17616
  • 17643
xf phpsysinfo-sensor-program-xss(19807)
Last major update 11-07-2017 - 01:32
Published 02-05-2005 - 04:00
Last modified 11-07-2017 - 01:32
Back to Top