PT-2005-1820 · Phpadsnew · Phpadsnew

Cxib8O3 +1 · Published 2005-03-14 · Updated 2017-07-11 · CVE-2005-0791

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

phpAdsNew version 2.0.4-pr1

Description

The issue is a cross-site scripting (XSS) vulnerability in the adframe.php file. When PHP's register_globals setting is enabled, an attacker can inject arbitrary web script or HTML through the refresh parameter, potentially allowing them to steal user data or take control of the user's session.

Recommendations

For phpAdsNew version 2.0.4-pr1, consider disabling the register_globals setting to prevent exploitation. Additionally, restrict access to the adframe.php file and avoid using the refresh parameter until a fix is available.


Related Identifiers

CVE-2005-0791

Affected Products

Phpadsnew