ID CVE-2006-1575 Type cve Reporter cve@mitre.org Modified 2018-10-18T16:33:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.
{"osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Vulnerability Description\nQLnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'autorx' and 'newsx' variables upon submission to the news.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nQLnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'autorx' and 'newsx' variables upon submission to the news.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.\n## References:\nVendor URL: http://www.vscripts.pl/\n[Secunia Advisory ID:19479](https://secuniaresearch.flexerasoftware.com/advisories/19479/)\n[Related OSVDB ID: 24291](https://vulners.com/osvdb/OSVDB:24291)\nOther Advisory URL: http://evuln.com/vulns/113/summary.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0230.html\nKeyword: EV0113\nISS X-Force ID: 25546\n[CVE-2006-1575](https://vulners.com/cve/CVE-2006-1575)\nBugtraq ID: 17335\n", "modified": "2006-03-30T02:02:35", "published": "2006-03-30T02:02:35", "href": "https://vulners.com/osvdb/OSVDB:24290", "id": "OSVDB:24290", "type": "osvdb", "title": "QLnews news.php Multiple Variable XSS", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:17", "bulletinFamily": "software", "description": "New eVuln Advisory:\r\nQLnews XSS and PHP Code Insertion Vulnerabilities\r\nhttp://evuln.com/vulns/113/summary.html\r\n\r\n--------------------Summary----------------\r\neVuln ID: EV0113\r\nCVE: CVE-2006-1575 CVE-2006-1576\r\nSoftware: QLnews\r\nSowtware's Web Site: http://www.vscripts.pl/\r\nVersions: 1.2\r\nCritical Level: Dangerous\r\nType: Multiple Vulnerabilities\r\nClass: Remote\r\nStatus: Unpatched. No reply from developer(s)\r\nPoC/Exploit: Available\r\nSolution: Not Available\r\nDiscovered by: Aliaksandr Hartsuyeu (eVuln.com)\r\n\r\n-----------------Description---------------\r\n1. Cross-Site Scripting.\r\n\r\nVulnerable Script: news.php\r\n\r\nParameters autorx, newsx are not properly sanitized. This can be used to post arbitrary HTML or web script code.\r\n\r\n\r\n2. PHP Code Insertion.\r\n\r\nAdministrator has an ability to edit variable values in config.php file. This can be used to insert arbitrary PHP code into config file which executes by every php-script.\r\n\r\nSystem access is possible.\r\n\r\nCondition: magic_quotes_gpc = off\r\n\r\n\r\n--------------PoC/Exploit----------------------\r\nAvailable at: http://evuln.com/vulns/113/exploit.html\r\n\r\n--------------Solution---------------------\r\nNo Patch available.\r\n\r\n--------------Credit-----------------------\r\nDiscovered by: Aliaksandr Hartsuyeu (eVuln.com)\r\n\r\n\r\nRegards,\r\nAliaksandr Hartsuyeu\r\nhttp://evuln.com - Penetration Testing Services\r\n.", "modified": "2006-04-12T00:00:00", "published": "2006-04-12T00:00:00", "id": "SECURITYVULNS:DOC:12187", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12187", "title": "[eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
