Description
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Maksymilian Arciemowicz · textwebappsphp
https://www.exploit-db.com/exploits/25266
exploitdb
WRITEUP
VERIFIED
by Maksymilian Arciemowicz · textwebappsphp
https://www.exploit-db.com/exploits/25265
References (14)
Core 14
Core References
Issue Tracking x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=301118
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-898
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-897
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17616
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:212
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15414
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14690/
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111161017209422&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19807
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/416543
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12887
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-724
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-899
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17643
Scores
EPSS
0.1171
EPSS Percentile
93.7%
Details
Status
published
Products (1)
phpsysinfo/phpsysinfo
2.3
Published
May 02, 2005
Tracked Since
Feb 18, 2026