CVE-2005-1508

Name of the Vulnerable Software and Affected Versions PwsPHP version 1.2.2

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including month and annee in the news module, nbractif and annee in the stats module, id in profil.php, mb lettre and lettre in memberlist.php, and chaine search or auteur search in the recherche module.

Recommendations For PwsPHP version 1.2.2, as a temporary workaround, consider restricting access to the vulnerable parameters month, annee, nbractif, id, mb lettre, lettre, chaine search, and auteur search until a patch is available. Avoid using these parameters in the affected modules until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.