CVE-2005-0870

phpSysInfo 2.3 - Cross-Site Scripting via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0870. PoCs published by Maksymilian Arciemowicz.

AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in phpSysInfo due to improper input sanitization. The PoC provides URLs with malicious payloads that can execute arbitrary script code in a user's browser.

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Maksymilian Arciemowicz · textwebappsphp
https://www.exploit-db.com/exploits/25266

This exploit demonstrates multiple XSS vulnerabilities in phpSysInfo due to improper input sanitization. The PoC provides URLs with malicious payloads that can execute arbitrary script code in a user's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: phpSysInfo (version not specified)
No auth needed
Prerequisites: Access to the target application's URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Maksymilian Arciemowicz · textwebappsphp
https://www.exploit-db.com/exploits/25265

The provided text describes a cross-site scripting (XSS) vulnerability in phpSysInfo due to improper input sanitization. It includes a sample exploit URL but lacks actual exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: phpSysInfo (version not specified)
No auth needed
Prerequisites: Access to a vulnerable phpSysInfo instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-898
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-897
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17616
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15414
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14690/
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111161017209422&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19807
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/416543
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12887
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-724
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-899
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17643

Scores

EPSS 0.0372
EPSS Percentile 88.3%

Details

Status published
Products (1)
phpsysinfo/phpsysinfo 2.3
Published May 02, 2005
Tracked Since Feb 18, 2026