CVE-2004-1829

Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 - Cross-Site Scripting via pagetitle or error Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1829. PoCs published by Janek Vind.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Error Manager, allowing an attacker to create an admin user by tricking an admin into viewing a crafted error log. The PoC includes XSS and HTML injection techniques.

Description

Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Janek Vind · textwebappsphp

https://www.exploit-db.com/exploits/23845

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in Error Manager, allowing an attacker to create an admin user by tricking an admin into viewing a crafted error log. The PoC includes XSS and HTML injection techniques.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Error Manager (PHP-Nuke 7.1)

No auth needed

Prerequisites: Access to the target's error.php page · Admin user must view the crafted error log

MITRE ATT&CK