CVE-2005-0870

Name of the Vulnerable Software and Affected Versions phpSysInfo version 2.3

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can occur through several parameters, including the sensor program parameter to "index.php", text[language], text[template], or the hide picklist parameter to "system footer.php", when register globals is enabled.

Recommendations For phpSysInfo version 2.3, consider disabling the register globals setting to mitigate the risk of exploitation. Additionally, restrict access to the sensor program parameter in "index.php", and the text[language], text[template], and hide picklist parameters in "system footer.php" until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved.