Vulnerabilities > CVE-2007-2600 - Cross-Site Scripting vulnerability in Tutorialcms

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
wavelink-media
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.

Vulnerable Configurations

Part Description Count
Application
Wavelink_Media
1

Exploit-Db

descriptionTutorialCMS <= 1.00 (search.php search) SQL Injection Exploit. CVE-2007-2599,CVE-2007-2600. Webapps exploit for php platform
fileexploits/php/webapps/3887.pl
idEDB-ID:3887
last seen2016-01-31
modified2007-05-09
platformphp
port
published2007-05-09
reporterSilentz
sourcehttps://www.exploit-db.com/download/3887/
titleTutorialCMS <= 1.00 search.php search SQL Injection Exploit
typewebapps