PT-2006-2752 · Blur6Ex · Blur6Ex
Steven M. Christey · Published 2006-04-13 · Updated 2018-10-18 · CVE-2006-1761
CVSS v2.0: 2.6 (Low)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
blur6ex version 0.3.452
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter in index.php, due to lack of sanitization in the error message.
Recommendations
For blur6ex version 0.3.452, ensure proper sanitization of the errormsg parameter in index.php to prevent injection of arbitrary web script or HTML. As a temporary workaround, consider restricting access to the index.php file until a proper fix is applied.
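One way to apply the recommendation above, as an added example that is not blur6ex's own code: the function names, the error-code table and the sample input are assumptions made for illustration. It shows the reflecting pattern beside two hardened forms, output encoding and an allowlisted error code mapped to fixed text.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the error display in index.php; the real
// blur6ex code is not shown on the page.

// Before: the request value is written into the page unchanged, so any
// markup in errormsg becomes part of the document.
function render_error_unsafe(array $query): string
{
    return '<div class="error">' . ($query['errormsg'] ?? '') . '</div>';
}

// Hardened (1): treat errormsg as text and encode it at the point of output.
function render_error_encoded(array $query): string
{
    $msg = $query['errormsg'] ?? '';
    if (!is_string($msg)) {          // errormsg[]=x arrives as an array
        $msg = '';
    }
    $msg = substr($msg, 0, 200);     // cap the length of reflected text
    return '<div class="error">'
        . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</div>';
}

// Hardened (2): never echo request text; accept a short code and look up
// a fixed message (codes and messages here are assumed).
const ERROR_MESSAGES = [
    'login_failed' => 'Login failed.',
    'not_found'    => 'The requested page does not exist.',
];

function render_error_by_code(array $query): string
{
    $code = $query['errormsg'] ?? '';
    $text = (is_string($code) && array_key_exists($code, ERROR_MESSAGES))
        ? ERROR_MESSAGES[$code]
        : 'An error occurred.';
    return '<div class="error">'
        . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</div>';
}

// Constructed sample input, harmless markup only.
$sample = ['errormsg' => '<i>constructed</i> "quoted" text'];
echo render_error_unsafe($sample), "\n";   // markup passes through
echo render_error_encoded($sample), "\n";  // markup is shown as text
echo render_error_by_code(['errormsg' => 'login_failed']), "\n";
echo render_error_by_code($sample), "\n";  // unknown code, generic message
```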
Related Identifiers
Affected Products
Blur6Ex