Vulnerabilities > CVE-2005-2574 - Unspecified vulnerability in XMB Forum XMB 1.9.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | XMB_MULTIPLE_XSS.NASL |
| description | The remote host is running XMB Forum, a web forum written in PHP. According to its banner, the version of XMB installed on the remote host suffers from cross-site scripting, SQL injection, and input validation vulnerabilities. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17608 |
| published | 2005-03-24 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17608 |
| title | XMB Forum < 1.9.10 Multiple Vulnerabilities |
Statements
| contributor | |
| lastmodified | 2008-12-11 |
| organization | XMB |
| statement | XMB version 1.9.10 or later must be installed to prevent attacks described by this CVE. A patch is also included in third service pack for version 1.9.8 only. All other versions of XMB are vulnerable until upgraded. Upgrades are available at http://www.xmbforum.com/ |