The__Leo

#16542of 53,630
16.2Total CVSS
Vulnerabilities · 3
Medium
3
PT-2006-5643
5.1
2006-09-19
Telekorn · Telekorn Signkorn Guestbook · CVE-2006-4889
**Name of the Vulnerable Software and Affected Versions** Telekorn SignKorn Guestbook (SL) versions 1.3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dir path` parameter in multiple PHP files, including "index.php", "includes/functions.gb.php", "includes/functions.admin.php", "includes/admin.inc.php", "help.php", "smile.php", "entry.php", "adminhelp0.php", "adminhelp1.php", "adminhelp2.php", "adminhelp3.php" in "help/en" and "help/de" directories, and "preview.php", "log.php", "index.php", "config.php", and "admin.php" in the "admin" directory, when `register globals` is enabled. **Recommendations** For Telekorn SignKorn Guestbook (SL) versions 1.3 and earlier, consider disabling the `register globals` setting to prevent exploitation. As a temporary workaround, restrict access to the vulnerable PHP files until a patch is available. Avoid using the `dir path` parameter in the affected PHP files until the issue is resolved.
PT-2006-5546
4.3
2006-09-14
Forumjbc · Forumjbc · CVE-2006-4771
**Name of the Vulnerable Software and Affected Versions** ForumJBC version 4 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `nb connecte` parameter in the haut.php file. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For ForumJBC version 4, ensure that user input for the `nb connecte` parameter is properly sanitized to prevent the injection of malicious scripts. As a temporary workaround, consider restricting access to the haut.php file until a patch is available.
PT-2006-5380
6.8
2006-09-06
Softbb · Softbb · CVE-2006-4593
**Name of the Vulnerable Software and Affected Versions** SoftBB versions 0.1 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `page` parameter in the "index.php" file. This can lead to cross-site scripting (XSS) attacks. **Recommendations** For SoftBB versions 0.1 and earlier, avoid using the `page` parameter in the "index.php" file until a fix is available. As a temporary workaround, consider restricting access to the "index.php" file to minimize the risk of exploitation.