PT-2006-7124 · Messageriescripthp · Messageriescripthp

Mr_Kaliman

Published

2006-12-14

Updated

2018-10-17

CVE-2006-6520

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Messageriescripthp version 2.0

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. This can be achieved via several parameters, including the pseudo parameter to "existepseudo.php", the email parameter to "existeemail.php", or the pageName or cssform parameters to "Contact/contact.php".

Recommendations For Messageriescripthp version 2.0, consider validating and sanitizing user input for the pseudo, email, pageName, and cssform parameters to prevent arbitrary script injection. As a temporary workaround, restrict access to the affected scripts, "existepseudo.php", "existeemail.php", and "Contact/contact.php", until a proper fix is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6520

Affected Products

Messageriescripthp

PT-2006-7124 · Messageriescripthp · Messageriescripthp

CVE-2006-6520

Related Identifiers

Affected Products

References · 10