Vulnerabilities > CVE-2007-3577 - Unspecified vulnerability in PHPids

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phpids

NVD

Published: 2007-07-05

Updated: 2024-11-21

Summary

PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.

Vulnerable Configurations

Part	Description	Count
Application	Phpids Phpids Phpids *	1

References

http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
http://osvdb.org/45759
http://osvdb.org/45759
http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
https://exchange.xforce.ibmcloud.com/vulnerabilities/35489
https://exchange.xforce.ibmcloud.com/vulnerabilities/35489