Vulnerabilities > CVE-2006-6479 - Input Validation vulnerability in Scriptphp Annoncescripthp 2.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php. Successful exploitation requires that "register_globals" is enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description AnnonceScriptHP 2.0 Templates/admin.dwt.php email Parameter XSS. CVE-2006-6479. Webapps exploit for php platform id EDB-ID:29248 last seen 2016-02-03 modified 2006-12-09 published 2006-12-09 reporter Mr_KaLiMaN source https://www.exploit-db.com/download/29248/ title AnnonceScriptHP 2.0 Templates/admin.dwt.php email Parameter XSS description AnnonceScriptHP 2.0 membre.dwt.php email Parameter XSS. CVE-2006-6479. Webapps exploit for php platform id EDB-ID:29250 last seen 2016-02-03 modified 2006-12-09 published 2006-12-09 reporter Mr_KaLiMaN source https://www.exploit-db.com/download/29250/ title AnnonceScriptHP 2.0 membre.dwt.php email Parameter XSS description AnnonceScriptHP 2.0 admin/admin_config/Aide.php email Parameter XSS. CVE-2006-6479 . Webapps exploit for php platform id EDB-ID:29251 last seen 2016-02-03 modified 2006-12-09 published 2006-12-09 reporter Mr_KaLiMaN source https://www.exploit-db.com/download/29251/ title AnnonceScriptHP 2.0 admin/admin_config/Aide.php email Parameter XSS description AnnonceScriptHP 2.0 erreurinscription.php email Parameter XSS. CVE-2006-6479. Webapps exploit for php platform id EDB-ID:29247 last seen 2016-02-03 modified 2006-12-09 published 2006-12-09 reporter Mr_KaLiMaN source https://www.exploit-db.com/download/29247/ title AnnonceScriptHP 2.0 erreurinscription.php email Parameter XSS description AnnonceScriptHP 2.0 Templates/commun.dwt.php email Parameter XSS. CVE-2006-6479 . Webapps exploit for php platform id EDB-ID:29249 last seen 2016-02-03 modified 2006-12-09 published 2006-12-09 reporter Mr_KaLiMaN source https://www.exploit-db.com/download/29249/ title AnnonceScriptHP 2.0 Templates/commun.dwt.php email Parameter XSS