Summary
Detail | | | |
---|---|---|---|
Vendor | Phpsysinfo | First view | 2003-08-18 |
Product | Phpsysinfo | Last view | 2007-07-30 |
Version | 2.1 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:phpsysinfo:phpsysinfo | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
4.3 | 2007-07-30 | CVE-2007-4048 | Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
5 | 2006-07-06 | CVE-2006-3360 | Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists. |
4.3 | 2005-11-17 | CVE-2005-3348 | HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter. |
3.6 | 2003-08-18 | CVE-2003-0536 | Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
50% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
36601 | phpSysInfo index.php PATH_INFO Parameter XSS |
36467 | phpSysInfo index.php PATH_INFO XSS |
27015 | phpSysInfo index.php lng Variable Traversal File Existence Enumeration |
20821 | phpSysInfo index.php HTTP Response Splitting |
8928 | phpSysInfo Multiple Parameter Traversal Arbitrary File Access |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200311-07 (phpSysInfo) File : nvt/glsa_200311_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200511-18 (phpsysinfo) File : nvt/glsa_200511_18.nasl |
2008-09-04 | Name : FreeBSD Ports: phpSysInfo File : nvt/freebsd_phpSysInfo0.nasl |
2008-09-04 | Name : FreeBSD Ports: phpSysInfo File : nvt/freebsd_phpSysInfo1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 346-1 (phpsysinfo) File : nvt/deb_346_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 897-1 (phpsysinfo) File : nvt/deb_897_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 898-1 (phpgroupware) File : nvt/deb_898_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 899-1 (egroupware) File : nvt/deb_899_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-897.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-898.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-899.nasl - Type: ACT_GATHER_INFO |
2005-12-07 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200511-18.nasl - Type: ACT_GATHER_INFO |
2005-11-16 | Name: The remote web server contains a PHP application that is affected by multiple... File: phpsysinfo_241.nasl - Type: ACT_GATHER_INFO |
2004-09-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-346.nasl - Type: ACT_GATHER_INFO |