PT-2006-1926 · Noah · Noah'S Classifieds

Published

2006-02-24

Updated

2018-10-18

CVE-2006-0880

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Noah's Classifieds version 1.3

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the inf parameter. Additionally, when register globals is enabled, attackers can also inject scripts via the upperTemplate and lowerTemplate parameters.

Recommendations For Noah's Classifieds version 1.3, consider disabling the inf, upperTemplate, and lowerTemplate parameters in the index.php file to prevent exploitation until a patch is available. Restrict access to these parameters to minimize the risk of arbitrary web script or HTML injection.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0880

Affected Products

Noah'S Classifieds

PT-2006-1926 · Noah · Noah'S Classifieds

CVE-2006-0880

Related Identifiers

Affected Products

References · 8