Published: 13/09/2006 Updated: 14/02/2024

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site scripting (XSS) vulnerability in index.php in PHProg prior to 1.1 allows remote malicious users to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
comscripts phprog 1.0

source: wwwsecurityfocuscom/bid/19957/info PHProg is prone to multiple vulnerabilities The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and local file-include attacks Version 10 of PHProg is reported vulnerable; other versions may be affected as well ...

NVD-CWE-Other http://www.pconfig.com/cdg393/adviso/PHProg.txt http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html http://www.securityfocus.com/bid/19957 http://secunia.com/advisories/21849 http://marc.info/?l=full-disclosure&m=115796646100433&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/28846 https://exchange.xforce.ibmcloud.com/vulnerabilities/28845 https://nvd.nist.gov https://www.exploit-db.com/exploits/28510/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-4754

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect