CVE-2005-2638
PHPFreeNews 1.40 - Cross-Site Scripting via NewsMode or Match Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2005-2638. PoCs published by h4cky.
AI-analyzed exploit summary: The exploit demonstrates multiple XSS vulnerabilities in PHPFreeNews by injecting arbitrary script code via unsanitized input parameters in the SearchResults.php page. The PoC includes four distinct payloads targeting different parameters (Match, NewsMode, CatID).
Description
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
Exploits (2)
The exploit demonstrates multiple XSS vulnerabilities in PHPFreeNews by injecting arbitrary script code via unsanitized input parameters in the SearchResults.php page. The PoC includes four distinct payloads targeting different parameters (Match, NewsMode, CatID).
This exploit demonstrates a cross-site scripting (XSS) vulnerability in PHPFreeNews due to improper input sanitization. The PoC provides a URL with injected JavaScript that triggers an alert, confirming the vulnerability.