CVE-2005-3473

Name of the Vulnerable Software and Affected Versions Simple PHP Blog versions 0.4.5 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters in certain PHP files. This is achieved through the entry, blog subject, and blog text parameters, which involve the temp subject variable in preview cgi.php and preview static cgi.php files. Additionally, the scheme name and bg color parameters, involving the preset name and result variables in colors.php, are also vulnerable.

Recommendations For Simple PHP Blog versions 0.4.5 and earlier, consider disabling the preview cgi.php and preview static cgi.php files, as well as restricting access to the colors.php file until a patch is available. Avoid using the entry, blog subject, blog text, scheme name, and bg color parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.