CVE-2006-0880

Name of the Vulnerable Software and Affected Versions Noah's Classifieds version 1.3

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the inf parameter. Additionally, when register globals is enabled, attackers can also inject scripts via the upperTemplate and lowerTemplate parameters.

Recommendations For Noah's Classifieds version 1.3, consider disabling the inf, upperTemplate, and lowerTemplate parameters in the index.php file to prevent exploitation until a patch is available. Restrict access to these parameters to minimize the risk of arbitrary web script or HTML injection.