225 matches found
phpWebSite: Arbitrary PHP execution and path disclosure
Background: phpWebSite provides a complete web site content management system. Description: NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact: A remote...
CVE-2005-0565
The vulnerability CVE-2005-0565 affects phpWebSite 0.10.0 and earlier, where the Announce module lets a remote attacker cause arbitrary PHP execution by setting the Image field to reference a PHP file whose name contains a .gif.php extension. OpenVAS/Nessus/Gentoo GLSA entries corroborate remote ...
CVE-2005-0572
Summary (CVE-2005-0572): Affects phpWebSite 0.10.0 and earlier. The vulnerability stems from an invalid SEA_search_module parameter in index.php, which causes a PHP error message that reveals the script path, enabling a remote attacker to disclose sensitive information. The issue is associated w...
CVE-2005-0572
index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message...
CVE-2005-0565
The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension...
PT-2005-1620 · Phpwebsite · Phpwebsite
Name of the Vulnerable Software and Affected Versions: phpWebSite versions 0.10.0 and earlier. Description: The issue allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message. Recommendations: For phpWebSite...
phpWebSite-0.10.0 exploit
Network security team nst.e-nex.com Title: phpWebSite = v0.10.0 Bug found by: nst Date: 24.02.2005 Web: phpwebsite.appstate.edu...
phpWebSite-0.10.0_exploit
Network security team nst.e-nex.com Title: phpWebSite = v0.10.0 Bug found by: nst Date: 24.02.2005 Web: phpwebsite.appstate.edu...
phpWebSite Detection
The remote host is running phpWebSite, a website content management system written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(17222); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/24"); script_name(english:"phpWebSi...
phpWebSite Image Announcement Upload Arbitrary Command Execution
The remote host is running a version of phpWebSite in which the Announcements module allows a remote attacker to both upload PHP scripts disguised as image files and later run them using the permissions of the web server user. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
phpWebSite 0.10.0 Full Path disclosure
Neo Security Team NST® wWw.SoSvulnerable.NeT ® Program: phpWebSite 0.10.0 Homepage: http://phpwebsite.appstate.edu Vulnerable Versions: All Risk: High!! Impact: Full Path disclosure...
phpWebSite 0.x - Image File Processing Arbitrary .PHP File Upload
source: https://www.securityfocus.com/bid/12653/info phpWebSite is reported prone to a remote arbitrary PHP file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are upload...
phpWebSite 0.x - Image File Processing Arbitrary '.PHP' File Upload
source: https://www.securityfocus.com/bid/12653/info phpWebSite is reported prone to a remote arbitrary PHP file upload vulnerability. The issue presents itself due to a lack of sanitization performed on image files that are uploaded when submitting an announcement. A remote attacker may exploit...
CVE-2004-1654
The CVE-2004-1654 entry concerns a SQL injection vulnerability in the calendar module of phpWebsite, affecting version 0.9.3-4 and earlier. The root cause is injection via the cal_template parameter, enabling remote attackers to execute arbitrary SQL commands. This is classified as HIGH severity ...
CVE-2004-1655
CVE-2004-1655 affects phpWebsite (version 0.9.3-4 and earlier). The vulnerability is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary script or HTML via the CM_pid parameter in the comments module or via the subject or message fields in the notes module. The pro...
CVE-2004-1655
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the CM_pid parameter in the comments module or (2) the subject or message fields in the notes module...
CVE-2004-1654
SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template...
CVE-2004-1516
CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module...
CVE-2004-1516
The CVE-2004-1516 entry corresponds to a CRLF injection (HTTP response splitting) vulnerability in phpWebSite 0.9.3-4, exploitable via the block_username parameter in the user module. The issue arises from insufficient input validation in the PHP application, enabling remote attackers to inject a...
CVE-2004-2322
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module...