CVE-2006-0806

EPSS 5.9%

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/43832unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1&r2=1.2 http://secunia.com/advisories/18928 http://secunia.com/advisories/19555 http://secunia.com/advisories/19590 http://secunia.com/advisories/19591 http://secunia.com/advisories/19691 http://securityreason.com/securityalert/452 http://sourceforge.net/project/shownotes.php?release_id=419843&group_id=8956 http://www.debian.org/security/2006/dsa-1029 http://www.debian.org/security/2006/dsa-1030 http://www.debian.org/security/2006/dsa-1031 http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml