CVE-2004-2085

Name of the Vulnerable Software and Affected Versions phpCodeCabinet versions 0.4 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple parameters. This includes the sid parameter to "comments.php", the cid, cf, or rfd parameters to "category.php", or the cid parameter to "input.php", "browse.php", "themes/facade/header.php", or "themes/phpcc/header.php".

Recommendations For phpCodeCabinet versions 0.4 and earlier, consider disabling the parameters sid, cid, cf, and rfd in the affected files until a patch is available. Restrict access to the vulnerable files "comments.php", "category.php", "input.php", "browse.php", "themes/facade/header.php", and "themes/phpcc/header.php" to minimize the risk of exploitation. Avoid using these parameters in the respective API endpoints until the issue is resolved.