PHProg 1.0 - 'index.php?album' Cross-Site Scripting
| EKU-ID: 33735 | CVE: CVE-2006-4754;OSVDB-28821 | OSVDB-ID: |
| Author: cdg393 | Published: 2006-09-11 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 33735 | CVE: CVE-2006-4754;OSVDB-28821 | OSVDB-ID: |
| Author: cdg393 | Published: 2006-09-11 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/19957/info
PHProg is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and local file-include attacks.
Version 1.0 of PHProg is reported vulnerable; other versions may be affected as well.
NOTE: This BID is being retired because it is a duplicate of BID 19942.
http://www.example.com/PHProg/?id=1&album=<script>alert('input')</script>