PT-2006-2668 · Php · Phpwebgallery

Published

2006-04-10

Updated

2008-09-05

CVE-2006-1674

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: PHPWebGallery version 1.4.1

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the id parameter in the "search.php" file.

Recommendations: For PHPWebGallery version 1.4.1, consider restricting access to the vulnerable "search.php" file until a patch is available, and avoid using the id parameter in this file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1674

Affected Products

Phpwebgallery

PT-2006-2668 · Php · Phpwebgallery

CVE-2006-1674

Related Identifiers

Affected Products

References · 2