PT-2002-2446 · Php · Phpimageview

Published

2002-12-31

Updated

2017-07-11

CVE-2002-1724

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHPImageView version 1.0

Description A cross-site scripting issue exists, allowing remote attackers to execute arbitrary scripts as other users. This is achieved via the pic parameter in the phpimageview.php file.

Recommendations For PHPImageView version 1.0, consider restricting access to the phpimageview.php file until a patch is available, and avoid using the pic parameter in sensitive operations to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1724

Affected Products

Phpimageview

PT-2002-2446 · Php · Phpimageview

CVE-2002-1724

Related Identifiers

Affected Products

References · 5