CVE-2006-1645

ReloadCMS <1.2.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1631

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/19470

[Exploit] http://www.securityfocus.com/bid/17353

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25604

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/429666/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24327

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1193

Scores

EPSS 0.0073

EPSS Percentile 72.6%

Details

Status published

Products (7)

reloadcms/reloadcms 1.2.0

reloadcms/reloadcms 1.2.0_p1

reloadcms/reloadcms 1.2.1

reloadcms/reloadcms 1.2.2

reloadcms/reloadcms 1.2.3

reloadcms/reloadcms 1.2.4

reloadcms/reloadcms 1.2.5

Published Apr 06, 2006

Tracked Since Feb 18, 2026