CVE-2005-2721
Foojan PHP Weblog - Cross-Site Scripting via HTTP Referer Header
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-2721. PoCs published by ali202.
AI-analyzed exploit summary The code describes an HTML injection vulnerability in Foojan PHPWeblog due to improper sanitization of user-supplied input. The issue lies in the `gmain.php` file where the `HTTP_USER_AGENT` and `HTTP_REFERER` values are directly inserted into the database without sanitization.
Description
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header.
Exploits (1)
The code describes an HTML injection vulnerability in Foojan PHPWeblog due to improper sanitization of user-supplied input. The issue lies in the `gmain.php` file where the `HTTP_USER_AGENT` and `HTTP_REFERER` values are directly inserted into the database without sanitization.