CVE-2006-4985

Name of the Vulnerable Software and Affected Versions Grayscale BandSite CMS (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple parameters in various PHP files. The vulnerable parameters include max file size purdy in 'adminpanel/includes/helpfiles/help mp3.php', message text in 'adminpanel/includes/mailinglist/sendemail.php', this year in 'includes/footer.php', and band in several files including 'adminpanel/includes/helpfiles/help news.php', 'adminpanel/includes/helpfiles/help merch.php', 'adminpanel/includes/header.php', and 'adminpanel/login header.php'. Additionally, multiple 'includes/content/' files are affected, including 'bio content.php', 'gbook content.php', 'interview content.php', 'links content.php', 'lyrics content.php', 'member content.php', 'merch content.php', 'mp3 content.php', 'news content.php', 'pastshows content.php', 'photo content.php', 'releases content.php', 'reviews content.php', 'shows content.php', and 'signgbook content.php'.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.