PT-2009-6590 · Php · Phppowercards

Indoushka

·

Publicado

2009-12-30

·

Atualizado

2017-08-17

·

CVE-2009-4469

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions phpPowerCards version 2.0
Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The affected parameters include:
  • PATH INFO,
  • the archiv parameter, and
  • the subcat parameter.
Recommendations For phpPowerCards version 2.0, consider restricting access to the pagenumber.inc.php file until a patch is available. As a temporary workaround, avoid using the archiv and subcat parameters in the affected API endpoint. Additionally, restrict the PATH INFO to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2009-4469

Produtos afetados

Phppowercards