header-logo
Suggest Exploit
vendor:
PHProg
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-site Scripting and Local File-Include Attacks
79, 98
CWE
Product Name: PHProg
Affected Version From: 1
Affected Version To: 1
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

PHProg Multiple Vulnerabilities

PHProg is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and local file-include attacks. An example of a local file-include attack is demonstrated in the URL provided in the text.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19957/info
 
PHProg is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and local file-include attacks. 
 
Version 1.0 of PHProg is reported vulnerable; other versions may be affected as well.
 
NOTE: This BID is being retired because it is a duplicate of BID 19942.

http://www.example.com/PHProg/index.php?lang=../../../../../../BOOT.INI%00

Navigation

Suggest Exploit

Services By CQR