CVE-2007-3001 - Unspecified vulnerability in PHP Jackknife PHP Jackknife 2.21
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
php-jackknife
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- description: PHP JackKnife 2.21 (PHPJK) UserArea/NewAccounts/index.php sAccountUnq Parameter XSS. CVE-2007-3001. Webapps exploit for php platform
- id: EDB-ID:30115
- last seen: 2016-02-03
- modified: 2007-05-31
- published: 2007-05-31
- reporter: laurent gaffie
- source: https://www.exploit-db.com/download/30115/
- title: PHP JackKnife 2.21 PHPJK UserArea/NewAccounts/index.php sAccountUnq Parameter XSS

- description: PHP JackKnife 2.21 (PHPJK) G_Display.php Multiple Parameter XSS. CVE-2007-3001. Webapps exploit for php platform
- id: EDB-ID:30116
- last seen: 2016-02-03
- modified: 2007-05-31
- published: 2007-05-31
- reporter: laurent gaffie
- source: https://www.exploit-db.com/download/30116/
- title: PHP JackKnife 2.21 PHPJK G_Display.php Multiple Parameter XSS

- description: PHP JackKnife 2.21 (PHPJK) UserArea/Authenticate.php sUName Parameter XSS. CVE-2007-3001. Webapps exploit for php platform
- id: EDB-ID:30114
- last seen: 2016-02-03
- modified: 2007-05-31
- published: 2007-05-31
- reporter: laurent gaffie
- source: https://www.exploit-db.com/download/30114/
- title: PHP JackKnife 2.21 PHPJK UserArea/Authenticate.php sUName Parameter XSS
References
- http://osvdb.org/38877
- http://osvdb.org/38878
- http://osvdb.org/38879
- http://securityreason.com/securityalert/2768
- http://www.securityfocus.com/archive/1/470111/100/0/threaded
- http://www.securityfocus.com/bid/24253
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34643