Vulnerabilities > CVE-2006-3358 - Unspecified vulnerability in Newsphp 2006Pro

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
newsphp
exploit available
NVD
Published: 2006-07-06
Updated: 2024-11-21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue.

Vulnerable Configurations

Part Description Count
Application
Newsphp
1

Exploit-Db

  • descriptionnewsPHP 2006 PRO index.php Multiple Parameter XSS. CVE-2006-3358. Webapps exploit for php platform
    idEDB-ID:28132
    last seen2016-02-03
    modified2006-06-29
    published2006-06-29
    reportersecurityconnection
    sourcehttps://www.exploit-db.com/download/28132/
    titlenewsPHP 2006 PRO index.php Multiple Parameter XSS
  • descriptionnewsPHP 2006 PRO index.php Multiple Parameter SQL Injection. CVE-2006-3358. Webapps exploit for php platform
    idEDB-ID:28133
    last seen2016-02-03
    modified2006-06-29
    published2006-06-29
    reportersecurityconnection
    sourcehttps://www.exploit-db.com/download/28133/
    titlenewsPHP 2006 PRO index.php Multiple Parameter SQL Injection

References