CVE-2006-2951

Name of the Vulnerable Software and Affected Versions Net Portal Dynamic System (NPDS) versions 5.10 and earlier

Description The issue allows remote attackers to inject arbitrary web script and HTML. This can be achieved via several parameters, including Titlesitename or sitename to "header.php", nuke url to "meta/meta.php", forum to "viewforum.php", post id, forum, topic, or arbre to "editpost.php", and uname or email to "user.php".

Recommendations For NPDS versions 5.10 and earlier, consider disabling the affected parameters, such as Titlesitename, sitename, nuke url, forum, post id, topic, arbre, uname, and email, in their respective files until a patch is available. Restrict access to the vulnerable files "header.php", "meta/meta.php", "viewforum.php", "editpost.php", and "user.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.