CVE-2006-0703

imageVue 16.1 - Cross-Site Scripting via bgcol Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0703. PoCs published by zjieb.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in ImageVue, including unauthorized file uploads, authentication bypass, and content injection. It references a specific parameter (`bgcol`) but lacks executable exploit code.

Description

Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by zjieb · textwebappsphp

https://www.exploit-db.com/exploits/27199

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in ImageVue, including unauthorized file uploads, authentication bypass, and content injection. It references a specific parameter (`bgcol`) but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: ImageVue (version unspecified)

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK