VID 21255
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The phpWebSite installation on the Web server has multiple vulnerabilities.
phpWebSite is an open-source Web content management tool written in PHP for Windows and Unix-based operating systems. Multiple security vulnerabilities in the product allow remote attackers to execute arbitrary SQL queries on the affected server with the privileges of the application user, or to disable the server entirely. The attacker can also exploit a cross-site scripting vulnerability to steal the victim's cookie-based authentication credentials or obtain other sensitive information.

* References:
http://www.securityfocus.com/archive/1/332561
http://archives.neohapsis.com/archives/bugtraq/2003-08/0097.html

* Platforms Affected:
phpWebSite version 0.9.x and earlier
Windows Any version
Unix/Linux Any version
Recommendation No patch or upgrade available as of August 2003.

If a patch or an upgrade is released, then you can download it from http://phpwebsite.appstate.edu/index.php?menu=1
Related URL CVE-2003-0735, CVE-2003-0736, CVE-2003-0737, CVE-2003-0738 (CVE)
Related URL (SecurityFocus)
Related URL 12891, 12894, 12895, 12896 (ISS)