[Full-disclosure] SEC-CONSULT SA20050602-1 :: Arbitrary File Inclusion in phpCMS 1.2.x
SEC-CONSULT Security Advisory 20050602-1
=======================================================================
title: Arbitrary File Inclusion in phpCMS 1.2.x
program: phpCMS
vulnerable version: 1.2.0, 1.2.1, 1.2.1pl1
homepage: www.phpcms.de
found: 2005-05-31
by: sk0L / SEC-CONSULT /...
CVE-2004-1202
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2004-1203
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path...
CVE-2004-1202
CVE-2004-1202 affects phpCMS up to version 1.2.1, where parser.php fails to sanitize user input in the file parameter, enabling cross-site scripting (XSS). Multiple connected sources confirm this vulnerability in phpCMS and link it to XSS via parser.php with non-stealth and debug modes. Impact is...
CVE-2004-1203
The CVE concerns phpCMS prior to 1.2.1. When non-stealth and debug modes are enabled, parsing in parser.php allows remote attackers to obtain the web server’s installation path by supplying an invalid file parameter, causing information disclosure. Affected software: phpCMS 1.2.1 and earlier. Roo...
phpCMS parser.php file Parameter XSS
The remote host runs phpCMS, a content management system written in PHP. This version is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the parser.php script. Successful exploitation of this issue may allow an attacker to execute malicious script code on a...
phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure
Title: phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure
Affects: - <= 1.2.1
Effect: Cross Site Attack session hijacking, ...
Id: cbsa-0006
Release Date: 2004/11/26
Author: Cyrille Barthelemy [email protected]
--
1. Introduction
------------------------
phpCMS is a content management...
phpCMS 1.11.2 - Cross-Site Scripting
phpCMS 1.11.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/11765/info It is reported that phpCMS is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in...
phpCMS 1.1/1.2 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/11765/info It is reported that phpCMS is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web pages. It is report...