CVE-2006-1645

Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.

Published: Apr 6, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1645
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
reloadcms / reloadcms	1.2.0	1.2.0.x
reloadcms / reloadcms	1.2.1	1.2.1.x
reloadcms / reloadcms	1.2.5	1.2.5.x
reloadcms / reloadcms	1.2.3	1.2.3.x
reloadcms / reloadcms	1.2.4	1.2.4.x
reloadcms / reloadcms	1.2.0_p1	1.2.0_p1.x
reloadcms / reloadcms	1.2.2	1.2.2.x

http://secunia.com/advisories/19470
http://www.osvdb.org/24327
http://www.securityfocus.com/archive/1/429666/100/0/threaded
http://www.securityfocus.com/bid/17353
http://www.vupen.com/english/advisories/2006/1193
https://exchange.xforce.ibmcloud.com/vulnerabilities/25604

Vulnerability Database

CVE-2006-1645