PHPMyVisites Multiple Input Validation Vulnerabilities

Bugtraq ID:	22516
Class:	Input Validation Error
CVE:	CVE-2007-0893 CVE-2007-0891
Remote:	Yes
Local:	No
Published:	Feb 12 2007 12:00AM
Updated:	Jul 05 2016 10:21PM
Credit:	These vulnerabilities were reported by Nicob.
Vulnerable:	phpMyVisites phpMyVisites 1.3 phpMyVisites phpMyVisites 1.2.2 phpMyVisites phpMyVisites 1.2.1 phpMyVisites phpMyVisites 1.2 phpMyVisites phpMyVisites 1.1 phpMyVisites phpMyVisites 1.0 phpMyVisites phpMyVisites 2.1 phpMyVisites phpMyVisites 2.0
Not Vulnerable:	phpMyVisites phpMyVisites 2.3 beta 2 phpMyVisites phpMyVisites 2.2 stable

PHPMyVisites Multiple Input Validation Vulnerabilities

phpMyVisites is prone to multiple input-validation vulnerabilities, including an HTTP-response-splitting issue, a cross-site scripting issue, and a local file-include issue, because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to:

- Influence or misrepresent how web content is served, cached, or interpreted
- Execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site
- Execute local script code in the context of the application.

This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to 2.2 Stable are vulnerable.

PHPMyVisites Multiple Input Validation Vulnerabilities

Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

• /data/vulnerabilities/exploits/22526.html

PHPMyVisites Multiple Input Validation Vulnerabilities

Solution:
The vendor has released version 2.2 Stable to address this issue. Please see the references for more information.


phpMyVisites phpMyVisites 2.0

• phpMyVisites phpmyvisites_2_2.zip
  http://www.phpmyvisites.net/phpmv2/phpmyvisites.php?url=http%3A%2F%2Fw ww.phpmyvisites.net%2Fdl.php%3Fid=phpmyvisites_2_2.zip&pagename=FILE:p hpmyvisites%20downloads/phpmyvisites_2_2.zip&id=1

phpMyVisites phpMyVisites 2.1

• phpMyVisites phpmyvisites_2_2.zip
  http://www.phpmyvisites.net/phpmv2/phpmyvisites.php?url=http%3A%2F%2Fw ww.phpmyvisites.net%2Fdl.php%3Fid=phpmyvisites_2_2.zip&pagename=FILE:p hpmyvisites%20downloads/phpmyvisites_2_2.zip&id=1

phpMyVisites phpMyVisites 1.0

• phpMyVisites phpmyvisites_2_2.zip
  http://www.phpmyvisites.net/phpmv2/phpmyvisites.php?url=http%3A%2F%2Fw ww.phpmyvisites.net%2Fdl.php%3Fid=phpmyvisites_2_2.zip&pagename=FILE:p hpmyvisites%20downloads/phpmyvisites_2_2.zip&id=1

phpMyVisites phpMyVisites 1.1

• phpMyVisites phpmyvisites_2_2.zip
  http://www.phpmyvisites.net/phpmv2/phpmyvisites.php?url=http%3A%2F%2Fw ww.phpmyvisites.net%2Fdl.php%3Fid=phpmyvisites_2_2.zip&pagename=FILE:p hpmyvisites%20downloads/phpmyvisites_2_2.zip&id=1

phpMyVisites phpMyVisites 1.2

• phpMyVisites phpmyvisites_2_2.zip
  http://www.phpmyvisites.net/phpmv2/phpmyvisites.php?url=http%3A%2F%2Fw ww.phpmyvisites.net%2Fdl.php%3Fid=phpmyvisites_2_2.zip&pagename=FILE:p hpmyvisites%20downloads/phpmyvisites_2_2.zip&id=1

phpMyVisites phpMyVisites 1.2.1

• phpMyVisites phpmyvisites_2_2.zip
  http://www.phpmyvisites.net/phpmv2/phpmyvisites.php?url=http%3A%2F%2Fw ww.phpmyvisites.net%2Fdl.php%3Fid=phpmyvisites_2_2.zip&pagename=FILE:p hpmyvisites%20downloads/phpmyvisites_2_2.zip&id=1

phpMyVisites phpMyVisites 1.2.2

• phpMyVisites phpmyvisites_2_2.zip
  http://www.phpmyvisites.net/phpmv2/phpmyvisites.php?url=http%3A%2F%2Fw ww.phpmyvisites.net%2Fdl.php%3Fid=phpmyvisites_2_2.zip&pagename=FILE:p hpmyvisites%20downloads/phpmyvisites_2_2.zip&id=1

phpMyVisites phpMyVisites 1.3

• phpMyVisites phpmyvisites_2_2.zip
  http://www.phpmyvisites.net/phpmv2/phpmyvisites.php?url=http%3A%2F%2Fw ww.phpmyvisites.net%2Fdl.php%3Fid=phpmyvisites_2_2.zip&pagename=FILE:p hpmyvisites%20downloads/phpmyvisites_2_2.zip&id=1

PHPMyVisites Multiple Input Validation Vulnerabilities

References:

• phpMyVisites Homepage (phpMyVisites)
  
• Multiple vulnerabilities in phpMyVisites (Nicob)