PT-2005-4748 · Php · Php Web Statistik

Ascii +1 · Published 2005-12-05 · Updated 2017-07-20 · CVE-2005-4012

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP Web Statistik version 1.4

Description

PHP Web Statistik is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities can be exploited via the lastnumber parameter to "stat.php" and the HTTP Referer header sent to "pixel.php".

Recommendations

For PHP Web Statistik version 1.4, consider restricting access to the "stat.php" and "pixel.php" files until a patch is available. As a temporary workaround, avoid using the lastnumber parameter in the "stat.php" file. Additionally, restrict the HTTP Referer header sent to "pixel.php" to minimize the risk of exploitation.


Related Identifiers

CVE-2005-4012

Affected Products

Php Web Statistik