Bug: Php Web Statistik Multiple Vulnerabilities (WLB-2005110071 Ascii Version)

	WLB2
Full List

Bugs

Bogus

Tricks

Exploits

	CVE MAP
Full List

Vendors

Products

	Tools
CWE Dictionary

Google Hacking

	Search
General

CVE

CWE

	RSS
Full List

Bugs

Exploits

Dorks

	Information
Our services

Add note

About



	Submit
To add a note, use this form or send email to submit@cxsecurity.com When contacting via email, we recommend coded messages. Get our PGP public key

Topic:	Php Web Statistik Multiple Vulnerabilities
Credit:	ascii (ascii katamail com)
Date:	2005.11.29
CWE:	N/A
CVE:	CVE-2005-4015 (Show details) Use CVE to see details like: - CVSS2, - Affected Software, - References

Risk	Local		Remote
Low	No		Yes

PHP Web Statistik Multiple Vulnerabilities

Name Multiple Vulnerabilities in PHP Web Statistik
Systems Affected PHP Web Statistik (verified on 1.4)
Severity Medium Risk
Vendor www.php-web-statistik.de
Advisory http://www.ush.it/2005/11/19/php-web-statistik/
Author Francesco Â?aSciiÂ? Ongaro (ascii at katamail . com)
Date 20051119

PHP Web Statistik is vulnerable to javascript and HTML injection using
the unchecked $lastnumber variable, proper input validation will fix.
Just place an intval() at the right row. Other vulnerabilities has been
discovered later.

Advisory released on 20051119:
Php Web Statistik Multiple Vulnerabilities
http://www.ush.it/2005/11/19/php-web-statistik/

[ ASCII VERSION ]

Bug: Php Web Statistik Multiple Vulnerabilities (WLB-2005110071 Ascii Version)

use this form