PT-2006-2306 · Milkeyway · Milkeyway Captive Portal

Ascii · Published 2006-03-19 · Updated 2018-10-18 · CVE-2006-1290

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Milkeyway Captive Portal versions 0.1 through 0.1.1

Description

The issue allows remote attackers to inject arbitrary web script or HTML via vulnerable parameters in certain PHP files. Specifically, the parameters ipAddress, act, username, and other unspecified parameters in authuser.php, as well as username and other unspecified parameters in userstatistics.php, are affected.

Recommendations

For Milkeyway Captive Portal versions 0.1 through 0.1.1, consider restricting access to the authuser.php and userstatistics.php files until a patch is available. As a temporary workaround, avoid using the parameters ipAddress, act, and username in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2006-1290

Affected Products

Milkeyway Captive Portal