FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0870

This CVE name corresponds to:

Entered Topic
2005-07-09 phpSysInfo -- cross site scripting vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-0870
Phase Assigned(20050326)

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

References

Source Reference
BUGTRAQ 20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities
BUGTRAQ 20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118
DEBIAN DSA-724
DEBIAN DSA-897
DEBIAN DSA-898
DEBIAN DSA-899
MANDRIVA MDKSA-2005:212
BID 15414
BID 12887
SECUNIA 14690
SECUNIA 17616
SECUNIA 17643
XF phpsysinfo-sensor-program-xss(19807)