Vulnerabilities > CVE-2006-2425 - Cross-Site Scripting vulnerability in PHPRemoteView PRV.PHP
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | PHPRemoteView PRV.PHP Multiple Cross-Site Scripting Vulnerabilities. CVE-2006-2425. Webapps exploit for php platform |
| id | EDB-ID:27885 |
| last seen | 2016-02-03 |
| modified | 2006-05-16 |
| published | 2006-05-16 |
| reporter | Soot |
| source | https://www.exploit-db.com/download/27885/ |
| title | PHPRemoteView PRV.PHP Multiple Cross-Site Scripting Vulnerabilities |
References
- http://secunia.com/advisories/20141
- http://securityreason.com/securityalert/902
- http://soot.shabgard.org/bugs/phpremoteview.txt
- http://www.osvdb.org/25572
- http://www.securityfocus.com/archive/1/434118/100/0/threaded
- http://www.securityfocus.com/bid/17994
- http://www.vupen.com/english/advisories/2006/1844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26473