CVE-2010-4607
Habari 0.6.5 - Cross-Site Scripting via additem_form and status_data Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-4607. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary: The document describes multiple vulnerabilities in Habari 0.6.5, including path disclosure and XSS vulnerabilities. It provides PoC URLs but no executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
Exploits (1)
The document describes multiple vulnerabilities in Habari 0.6.5, including path disclosure and XSS vulnerabilities. It provides PoC URLs but no executable exploit code.