CVE-2005-0870
published 2005-05-02
Priority P4·18·medium·4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 3.72% (88.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpsysinfo | < phpsysinfo 2.3-7 (bookworm) | phpsysinfo 2.3-7 (bookworm) |
| phpsysinfo | phpsysinfo | — | — |
| phpsysinfo | phpsysinfo | >= 0 < 2.3-7 | 2.3-7 |
| phpsysinfo | phpsysinfo | >= 0 < 2.3-7 | 2.3-7 |
| phpsysinfo | phpsysinfo | >= 0 < 2.3-7 | 2.3-7 |
| phpsysinfo | phpsysinfo | >= 0 < 2.3-7 | 2.3-7 |
CVSS provenance
nvd·v2.0·4.3 MEDIUM·AV:N/AC:M/Au:N/C:N/I:P/A:N
osv·4.3 MEDIUM
vendor_debian·4.3 MEDIUM
Debian
CVE-2005-0870: phpsysinfo - Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when regi...
vendor_debian·2005·CVSS 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
Scope: local
bookworm: resolved (fixed in 2.3-7)
bullseye: resolved (fixed in 2.3-7)
forky: resolved (fixed in 2.3-7)
sid: resolved (fixed in 2.3-7)
trixie: resolved (fixed in 2.3-7)
GHSA
GHSA-m488-92rv-23cc: Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2
ghsa_unreviewed·2022-05-01
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
OSV
CVE-2005-0870: Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2
osv·2005-05-02·CVSS 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
No detection rules found.
Exploit-DB
PHPSysInfo 2.0/2.3 - 'sensor_program' Cross-Site Scripting
exploitdb·2005-03-23
---
source: https://www.securityfocus.com/bid/12887/info
phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/[phpSysInfo]/index.php?sensor_program=[XSS]
Exploit-DB
PHPSysInfo 2.0/2.3 - 'system_footer.php' Cross-Site Scripting
exploitdb·2005-03-23
---
source: https://www.securityfocus.com/bid/12887/info
phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/[phpSysInfo]/includes/system_footer.php?text[language]=">[XSS]
http://www.example.com/[phpSysInfo]/includes/system_footer.php?text[template]=">[XSS]
http://www.example.com/[phpSysInfo]/includes/system_footer.php?hide_picklist=cXIb8O3&VERSION=[XSS]
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118
http://marc.info/?l=bugtraq&m=111161017209422&w=2
http://secunia.com/advisories/14690/
http://secunia.com/advisories/17616
http://secunia.com/advisories/17643
http://www.debian.org/security/2005/dsa-724
http://www.debian.org/security/2005/dsa-897
http://www.debian.org/security/2005/dsa-898
http://www.debian.org/security/2005/dsa-899
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
http://www.securityfocus.com/archive/1/416543
http://www.securityfocus.com/bid/12887
http://www.securityfocus.com/bid/15414
https://exchange.xforce.ibmcloud.com/vulnerabilities/19807
2005-05-02
Published