5 matches found
LEMON-S PHP Simple Oekaki BBS Arbitrary File Deletion Vulnerability
LEMON-S PHP Simple Oekaki BBS is a PHP-based electronic bulletin board BBS script. A security vulnerability exists in the index.php script of LEMON-S PHP Simple Oekaki BBS versions prior to 1.21. A remote attacker can exploit the vulnerability to delete arbitrary files with the help of the...
LEMON-S PHP Simple Oekaki BBS Cross-Site Scripting Vulnerability
LEMON-S PHP Simple Oekaki BBS is a PHP-based electronic bulletin board BBS script. A cross-site scripting vulnerability exists in the index.php script in LEMON-S PHP Simple Oekaki BBS versions prior to 1.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to inject arbitrary web script or HTML via the oekakis parameter...
CVE-2015-2970
The vulnerability CVE-2015-2970 affects the LEMON-S PHP Simple Oekaki BBS, specifically versions prior to 1.21. A flaw in index.php allows remote attackers to delete arbitrary files by manipulating the oekakis parameter, due to improper parsing. This is a server-side file deletion issue that coul...
Simple Oekaki BBS vulnerability where arbitrary files may be deleted
Overview Simple Oekaki BBS provided by LEMON-S PHP contains a flaw in parsing the oekakis parameter in index.php, which may allow a remote attacker to delete arbitrary files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...