Published: 30/12/2008 Updated: 29/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpweather phpweather 2.2.2

****(Lfi/xss)**** script: phpweather-222 *************************************************************************** download from:downloadssourceforgenet/phpweather/phpweather-222zip?modtime=1087430400&big_mirror=0 *************************************************************************** vul: /testphp line 48: require( ...

OWASP-Top-10-practice This repository used for save results of learning Web Application Security on practice It contains files by categories OWASP TOP10 2013 At the beginning those files were with vulnerable code After some tests, vulnerabilities were patched If you want, you may use this files to your experiments It is very easy to make files vulnerable again Links, that

CWE-79 http://www.securityfocus.com/bid/32820 http://secunia.com/advisories/33098 http://securityreason.com/securityalert/4826 https://exchange.xforce.ibmcloud.com/vulnerabilities/47308 https://www.exploit-db.com/exploits/7451 https://nvd.nist.gov https://github.com/Ksaivinay0708/OWASP https://www.exploit-db.com/exploits/7451/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-5770

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect