CVE-2005-1000
PHP-Nuke 7.6 - Cross-Site Scripting via Multiple Parameters
Exploitation Summary
EIP tracks 4 public exploits for CVE-2005-1000. PoCs published by Maksymilian Arciemowicz, [email protected].
AI-analyzed exploit summary: The provided text describes multiple cross-site scripting (XSS) vulnerabilities in the Web_Links Module of PHP-Nuke. It includes example URLs demonstrating how an attacker could inject arbitrary script code by manipulating user-supplied input parameters.
Description
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.php, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.
Exploits (4)
The provided text describes multiple cross-site scripting (XSS) vulnerabilities in the Web_Links Module of PHP-Nuke. It includes example URLs demonstrating how an attacker could inject arbitrary script code by manipulating user-supplied input parameters.
The provided text describes a cross-site scripting (XSS) vulnerability in PHP-Nuke, where user-supplied input is not properly sanitized in the 'banners.php' script. An attacker can exploit this by crafting a malicious URL with arbitrary script code.
The exploit describes a cross-site scripting (XSS) vulnerability in PHP-Nuke's 'Your_Account' module, where the 'avatarcategory' parameter fails to sanitize user-supplied input, allowing remote attackers to execute arbitrary script code in the context of the victim's browser.
The exploit describes a cross-site scripting (XSS) vulnerability in PHP-Nuke's 'Your_Account' module due to improper sanitization of the 'username' parameter. It provides example URIs demonstrating how an attacker could inject malicious script code.