Simple PHP Blog Multiple Cross-Site Scripting Vulnerabilities
BID:25802
Info
| Bugtraq ID: | 25802 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5072 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 25 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | The vendor disclosed these issues. |
| Vulnerable: | Simple PHP Blog 0.5.1, 0.4.8, 0.4.7, 0.4.6, 0.4.5, 0.4, 0.5.0.1, 0.4.7.1 |
| Not Vulnerable: | |
Discussion
Simple PHP Blog is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect Simple PHP Blog 0.5.0.1, 0.4.8, and prior versions.
Exploit / POC
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
The vendor released an update to address these issues. Please see the references for more information.

The same update is listed for each of the following versions:
- Simple PHP Blog 0.5.0.1
- Simple PHP Blog 0.4.7.1
- Simple PHP Blog 0.4
- Simple PHP Blog 0.4.5
- Simple PHP Blog 0.4.6
- Simple PHP Blog 0.4.7
- Simple PHP Blog 0.4.8

Cuyahoga sphpblog_0511.zip
http://downloads.sourceforge.net/sphpblog/sphpblog_0511.zip?modtime=1190545104&big_mirror=0
References
References:
- Released: SimplePHPBlog 0.5.1 (Simple PHP Blog)
- Simple PHP Blog Home Page (Alexander Palmo)
- Simple PHP Blog Multiple Vulnerabilities ([email protected])