PHPSysInfo 2.x Multiple Input Validation Vulnerabilities

ID SSV:80133
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


phpSysInfo is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

phpSysInfo is prone to cross-site scripting, HTTP response splitting and arbitrary local file inclusion vulnerabilities.

An attacker can exploit these vulnerabilities to steal cookie-based authentication credentials, aid in phishing style attacks and retrieve privileged or sensitive information; other attacks are also possible.'xss')%3C/script%3E[HTTP_ACCEPT_LANGUAGE]=../../README%00[HTTP_ACCEPT_LANGUAGE]=../../README%00&lng=../../README%00<html>Hacked!</html>