Vulnerability Name: CVE-2005-0870 (CCN-19807)

Assigned: 2005-03-24
Published: 2005-03-24
Updated: 2017-07-11
Summary: Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MISC
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118

Source: MITRE
Type: CNA
CVE-2005-0870

Source: BUGTRAQ
Type: UNKNOWN
20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities

Source: CCN
Type: phpSysInfo Web page
phpSysInfo

Source: CCN
Type: SA14690
phpSysInfo Cross-Site Scripting and Unspecified Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
14690

Source: SECUNIA
Type: UNKNOWN
17616

Source: SECUNIA
Type: UNKNOWN
17643

Source: DEBIAN
Type: UNKNOWN
DSA-724

Source: DEBIAN
Type: UNKNOWN
DSA-897

Source: DEBIAN
Type: UNKNOWN
DSA-898

Source: DEBIAN
Type: UNKNOWN
DSA-899

Source: DEBIAN
Type: DSA-724
phpsysinfo -- design flaw

Source: DEBIAN
Type: DSA-897
phpsysinfo -- programming errors

Source: DEBIAN
Type: DSA-898
phpgroupware -- programming errors

Source: DEBIAN
Type: DSA-899
egroupware -- programming errors

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:212

Source: CCN
Type: OSVDB ID: 14949
phpSysInfo index.php sensor_program Parameter XSS

Source: CCN
Type: OSVDB ID: 14950
phpSysInfo system_footer.php Multiple Parameter XSS

Source: BUGTRAQ
Type: UNKNOWN
20051115 Advisory 22/2005: Multiple vulnerabilities in phpSysInfo

Source: BID
Type: UNKNOWN
12887

Source: CCN
Type: BID-12887
PHPSysInfo Multiple Cross-Site Scripting Vulnerabilities

Source: BID
Type: UNKNOWN
15414

Source: CCN
Type: BID-15414
PHPsysInfo Multiple Input Validation Vulnerabilities

Source: XF
Type: UNKNOWN
phpsysinfo-sensor-program-xss(19807)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:phpsysinfo:phpsysinfo:2.3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:phpsysinfo:phpsysinfo:2.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.debian:def:898 | V | programming errors | 2005-11-17
oval:org.debian:def:899 | V | programming errors | 2005-11-17
oval:org.debian:def:897 | V | programming errors | 2005-11-15
oval:org.debian:def:724 | V | design flaw | 2005-05-18