CVE-2005-2564

Name of the Vulnerable Software and Affected Versions Gravity Board X (GBX) version 1.1

Description A direct static code injection issue allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter in editcss.php. This parameter is directly inserted into the gbxfinal.css file.

Recommendations For Gravity Board X (GBX) version 1.1, consider restricting access to the editcss.php file to minimize the risk of exploitation, and avoid using the csscontent parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.