Vulnerabilities > CVE-2007-2632 - Cross-Site Scripting vulnerability in PHP Multi User Randomizer PHP Multi User Randomizer 2006.09.13
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | PHP Multi User Randomizer 2006.09.13 Configure_Plugin.TPL.PHP Cross-Site Scripting Vulnerability. CVE-2007-2632. Webapps exploit for php platform |
| id | EDB-ID:30022 |
| last seen | 2016-02-03 |
| modified | 2007-05-10 |
| published | 2007-05-10 |
| reporter | the_Edit0r |
| source | https://www.exploit-db.com/download/30022/ |
| title | PHP Multi User Randomizer 2006.09.13 Configure_Plugin.TPL.PHP Cross-Site Scripting Vulnerability |