Vulnerabilities > CVE-2006-6479 - Input Validation vulnerability in Scriptphp Annoncescripthp 2.0

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
scriptphp
exploit available
NVD
Published: 2006-12-12
Updated: 2018-10-17

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part Description Count
Application
Scriptphp
1

Exploit-Db

  • descriptionAnnonceScriptHP 2.0 Templates/admin.dwt.php email Parameter XSS. CVE-2006-6479. Webapps exploit for php platform
    idEDB-ID:29248
    last seen2016-02-03
    modified2006-12-09
    published2006-12-09
    reporterMr_KaLiMaN
    sourcehttps://www.exploit-db.com/download/29248/
    titleAnnonceScriptHP 2.0 Templates/admin.dwt.php email Parameter XSS
  • descriptionAnnonceScriptHP 2.0 membre.dwt.php email Parameter XSS. CVE-2006-6479. Webapps exploit for php platform
    idEDB-ID:29250
    last seen2016-02-03
    modified2006-12-09
    published2006-12-09
    reporterMr_KaLiMaN
    sourcehttps://www.exploit-db.com/download/29250/
    titleAnnonceScriptHP 2.0 membre.dwt.php email Parameter XSS
  • descriptionAnnonceScriptHP 2.0 admin/admin_config/Aide.php email Parameter XSS. CVE-2006-6479 . Webapps exploit for php platform
    idEDB-ID:29251
    last seen2016-02-03
    modified2006-12-09
    published2006-12-09
    reporterMr_KaLiMaN
    sourcehttps://www.exploit-db.com/download/29251/
    titleAnnonceScriptHP 2.0 admin/admin_config/Aide.php email Parameter XSS
  • descriptionAnnonceScriptHP 2.0 erreurinscription.php email Parameter XSS. CVE-2006-6479. Webapps exploit for php platform
    idEDB-ID:29247
    last seen2016-02-03
    modified2006-12-09
    published2006-12-09
    reporterMr_KaLiMaN
    sourcehttps://www.exploit-db.com/download/29247/
    titleAnnonceScriptHP 2.0 erreurinscription.php email Parameter XSS
  • descriptionAnnonceScriptHP 2.0 Templates/commun.dwt.php email Parameter XSS. CVE-2006-6479 . Webapps exploit for php platform
    idEDB-ID:29249
    last seen2016-02-03
    modified2006-12-09
    published2006-12-09
    reporterMr_KaLiMaN
    sourcehttps://www.exploit-db.com/download/29249/
    titleAnnonceScriptHP 2.0 Templates/commun.dwt.php email Parameter XSS

References