Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2006-1645
Last Modified: 07 Mar 2011 09:33:29
Published: 06 Apr 2006 06:04:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-1645

Summary

Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.

Vulnerable Systems

Application

  • Reloadcms 1.2.0

  • Reloadcms 1.2.0 P1

  • Reloadcms 1.2.1

  • Reloadcms 1.2.2

  • Reloadcms 1.2.3

  • Reloadcms 1.2.4

  • Reloadcms 1.2.5


References

VUPEN - ADV-2006-1193

BID - 17353

BUGTRAQ - 20060402 ReloadCMS <= 1.2.5stable Cross site scripting / remote command execution

SECUNIA - 19470

XF - reloadcms-useragent-xss(25604)

OSVDB - 24327


Last Updated: 27 May 2016 10:42:09