Family: CGI abuses --> Category: attack
phpWebLog Cross Site Scripting Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of a phpWebLog XSS
Detailed Explanation for this Vulnerability Test
The remote web server contains PHP scripts that are prone to several
flaws, including possibly arbitrary code execution.
The remote host is running phpWebLog, a news and content management
system written in PHP.
Due to improper filtering done by 'search.php' a remote attacker can
A possible hacker may use this bug to perform a cross site scripting attack
using the remote host. There are also reportedly two flaws that, if
PHP's 'register_globals' setting is enabled, allow for local file
disclosure and arbitrary code execution.
See also :
Disable this script.
Medium / CVSS Base Score : 6
Click HERE for more information and discussions on this network vulnerability scan.