PT-2011-1731 · Php · Php Web Scripts Easy Banner Free

Aliaksandr Hartsuyeu

Published

2011-04-07

Updated

2018-10-10

CVE-2010-4783

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PHP Web Scripts Easy Banner Free version 2009.05.18

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the siteurl and urlbanner parameters in index.php when magic quotes gpc is disabled.

Recommendations For PHP Web Scripts Easy Banner Free version 2009.05.18, consider disabling the siteurl and urlbanner parameters in index.php until a patch is available, or enable magic quotes gpc to prevent exploitation. Avoid using the siteurl and urlbanner parameters in the affected index.php file until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2010-4783

Affected Products

Php Web Scripts Easy Banner Free

PT-2011-1731 · Php · Php Web Scripts Easy Banner Free

CVE-2010-4783

Weakness Enumeration

Related Identifiers

Affected Products

References · 8