CVE-2005-2564

Gravity Board X <1.1 - Code Injection

Title source: llm

Description

Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RusH · perlwebappsphp

https://www.exploit-db.com/exploits/1510

View Code ZIP pw:eip

References (2)

[Mailing List] http://marc.info/?l=bugtraq&m=112351740803443&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/21742

Scores

EPSS 0.0315

EPSS Percentile 86.9%

Details

Status published

Products (1)

gravity_board_x_development_team/gravity_board_x 1.1

Published Aug 16, 2005

Tracked Since Feb 18, 2026