| VID |
21875 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Clever Copy is vulnerable to multiple vulnerabilities which exist in version 2.0a and earlier versions. Clever Copy is a freely available Web portal and news posting system written in PHP. Clever Copy version 2.0a and earlier versions are vulnerable to multiple vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting attacks and unauthorized access to private messages and to disclose sensitive information.
* References:
http://lostmon.blogspot.com/2005/07/clever-copy-calendarphp-yr-variable.html
http://lostmon.blogspot.com/2005/07/clever-copy-path-disclosure-and-xss.html
http://lostmon.blogspot.com/2005/07/clever-copy-unauthorized-read-delete.html
http://secunia.com/advisories/16236/
http://www.securitytracker.com/alerts/2005/Jul/1014485.html
* Platforms Affected:
Clever Copy version 2.0a and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Clever Copy (3.0 or later), available from the Clever Copy Download Web site at http://clevercopy.bestdirectbuy.com/downloads.php |
| Related URL |
CVE-2005-2324,CVE-2005-2325,CVE-2005-2326 (CVE) |
| Related URL |
14278,14395,14397 (SecurityFocus) |
| Related URL |
21375,21617,21639 (ISS) |
|
