CVE-2008-0877

Name of the Vulnerable Software and Affected Versions Jinzora Media Jukebox version 2.7.5

Description The issue allows remote attackers to inject arbitrary web script or HTML via various parameters to different PHP files. The affected parameters include frontend, set frontend, jz path, theme, set theme, language, PATH INFO, query, and siteNewsData. The vulnerable API endpoints include index.php, ajax request.php, slim.php, and popup.php.

Recommendations For Jinzora Media Jukebox version 2.7.5, consider disabling the vulnerable parameters, such as frontend, set frontend, jz path, theme, set theme, language, PATH INFO, query, and siteNewsData, to minimize the risk of exploitation until a patch is available. Restrict access to the affected PHP files, including index.php, ajax request.php, slim.php, and popup.php, to reduce the attack surface.