Published: 02/05/2005 Updated: 11/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpsysinfo phpsysinfo 2.3

Debian Bug report logs - #339079 CVE-2005-334[78]: Two vulnerabilities in phpsysinfo Package: phpsysinfo; Maintainer for phpsysinfo is Bjoern Boschman <bjoern@boschmande>; Source for phpsysinfo is src:phpsysinfo (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Mon, 14 Nov 2005 20:49:25 UT ...

Maksymilian Arciemowicz discovered several cross site scripting issues in phpsysinfo, a PHP based host information application For the stable distribution (woody) these problems have been fixed in version 20-3woody2 For the testing (sarge) and unstable (sid) distribution these problems have been fixed in version 23-3 We recommend that you upgr ...

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in DSA 724 CVE-2005-3347 Christop ...

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application that is included in phpgroupware The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in ...

Several vulnerabilities have been discovered in egroupware, a web-based groupware suite The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems in phpsysinfo, which are also present in the imported version in egroupware a ...

phpSysInfo versions 24 and below suffer from cross site scripting, HTTP response splitting, and arbitrary file inclusion flaws ...

source: wwwsecurityfocuscom/bid/12887/info phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user ...

NVD-CWE-Other http://secunia.com/advisories/14690/http://www.debian.org/security/2005/dsa-724 http://www.debian.org/security/2005/dsa-898 http://www.securityfocus.com/archive/1/416543 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118 http://www.debian.org/security/2005/dsa-899 http://www.securityfocus.com/bid/15414 http://www.debian.org/security/2005/dsa-897 http://secunia.com/advisories/17616 http://secunia.com/advisories/17643 http://www.securityfocus.com/bid/12887 http://www.mandriva.com/security/advisories?name=MDKSA-2005:212 http://marc.info/?l=bugtraq&m=111161017209422&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19807 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=339079 https://nvd.nist.gov https://www.exploit-db.com/exploits/25265/https://www.debian.org/security/./dsa-724

CVE-2005-0870

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect