Vulnerability CVE-2006-1645


Published: 2006-04-06   Modified: 2012-02-12

Description:
Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.

Type: CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
Affected software
Reloadcms -> Reloadcms 

 References:
http://www.securityfocus.com/archive/1/429666/100/0/threaded
http://www.securityfocus.com/bid/17353
http://www.vupen.com/english/advisories/2006/1193
https://exchange.xforce.ibmcloud.com/vulnerabilities/25604

Copyright 2024, cxsecurity.com

 
