CVE-2008-5164
published 2008-11-19CVE-2008-5164: Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.49%
70.8th percentile
Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| theratstudios | the_rat_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
The Rat CMS - 'viewarticle.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2008-06-26
CVE-2008-5164 The Rat CMS - 'viewarticle.php' Multiple Cross-Site Scripting Vulnerabilities
The Rat CMS - 'viewarticle.php' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/29959/info
The Rat CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Rat CMS Pre-Alpha 2 is vulnerable; other versions may also be affected.
http://www.example.com/[trcms_path]/viewarticle.php/
http://www.example.com/[trcms_path]/viewarticle.php?id=
Exploit-DB
The Rat CMS - 'viewarticle2.php?id' Cross-Site Scripting
exploitdb·2008-06-26
CVE-2008-5164 The Rat CMS - 'viewarticle2.php?id' Cross-Site Scripting
The Rat CMS - 'viewarticle2.php?id' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/29959/info
The Rat CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Rat CMS Pre-Alpha 2 is vulnerable; other versions may also be affected.
http://www.example.com/[trcms_path]/viewarticle2.php?id=
No writeups or analysis indexed.
http://securityreason.com/securityalert/4612http://www.securityfocus.com/archive/1/493684/100/0/threadedhttp://www.securityfocus.com/bid/29959https://exchange.xforce.ibmcloud.com/vulnerabilities/43378http://securityreason.com/securityalert/4612http://www.securityfocus.com/archive/1/493684/100/0/threadedhttp://www.securityfocus.com/bid/29959https://exchange.xforce.ibmcloud.com/vulnerabilities/43378
2008-11-19
Published