Search criteria
6 vulnerabilities found for phprog by comscripts
FKIE_CVE-2006-4753
Vulnerability from fkie_nvd - Published: 2006-09-13 22:07 - Updated: 2026-04-16 00:27
Severity
Summary
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| comscripts | phprog | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:comscripts:phprog:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "873263FF-913C-4A86-AEF2-D85BF3685406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en index.php en PHProg anterior a 1.1 permite a un atacante remoto leer fichero de su elecci\u00f3n a trav\u00e9s de la secuencia ..(punto punto) en par\u00e1metro lang."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nComScripts, PHProg, 1.1",
"id": "CVE-2006-4753",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-13T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21849"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4754
Vulnerability from fkie_nvd - Published: 2006-09-13 22:07 - Updated: 2026-04-16 00:27
Severity
Summary
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| comscripts | phprog | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:comscripts:phprog:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "873263FF-913C-4A86-AEF2-D85BF3685406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en PHProg anterior a 1.1, permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro album, el cual se usa en una llamada a opendir. NOTA: la misma publicaci\u00f3n primaria se puede utilizar para el acceso completo de la trayectoria con un par\u00e1metro no v\u00e1lido que revele la ruta deinstalaci\u00f3n en un mensaje de error."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nComScripts, PHProg, 1.1",
"id": "CVE-2006-4754",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-13T22:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21849"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory",
"URL Repurposed"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2006-4754 (GCVE-0-2006-4754)
Vulnerability from nvd – Published: 2006-09-13 22:00 – Updated: 2024-08-07 19:23
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.pconfig.com/cdg393/adviso/PHProg.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/19957 | vdb-entryx_refsource_BID |
| http://marc.info/?l=full-disclosure&m=11579664610… | mailing-listx_refsource_FULLDISC |
| http://secunia.com/advisories/21849 | third-party-advisoryx_refsource_SECUNIA |
| http://www.comscripts.com/scripts/php.phprog-albu… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "phprog-index-xss(28846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846"
},
{
"name": "19957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21849"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"name": "phprog-index-path-disclosure(28845)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "phprog-index-xss(28846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846"
},
{
"name": "19957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21849"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"name": "phprog-index-path-disclosure(28845)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pconfig.com/cdg393/adviso/PHProg.txt",
"refsource": "MISC",
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "phprog-index-xss(28846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846"
},
{
"name": "19957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21849"
},
{
"name": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"name": "phprog-index-path-disclosure(28845)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4754",
"datePublished": "2006-09-13T22:00:00.000Z",
"dateReserved": "2006-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4753 (GCVE-0-2006-4753)
Vulnerability from nvd – Published: 2006-09-13 22:00 – Updated: 2024-08-07 19:23
VLAI
Summary
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.pconfig.com/cdg393/adviso/PHProg.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/19957 | vdb-entryx_refsource_BID |
| http://marc.info/?l=full-disclosure&m=11579664610… | mailing-listx_refsource_FULLDISC |
| http://secunia.com/advisories/21849 | third-party-advisoryx_refsource_SECUNIA |
| http://www.comscripts.com/scripts/php.phprog-albu… | x_refsource_CONFIRM |
Date Public
2006-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phprog-index-file-include(28847)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "19957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21849"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phprog-index-file-include(28847)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "19957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21849"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phprog-index-file-include(28847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847"
},
{
"name": "http://www.pconfig.com/cdg393/adviso/PHProg.txt",
"refsource": "MISC",
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "19957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21849"
},
{
"name": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4753",
"datePublished": "2006-09-13T22:00:00.000Z",
"dateReserved": "2006-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4754 (GCVE-0-2006-4754)
Vulnerability from cvelistv5 – Published: 2006-09-13 22:00 – Updated: 2024-08-07 19:23
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.pconfig.com/cdg393/adviso/PHProg.txt | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/19957 | vdb-entryx_refsource_BID |
| http://marc.info/?l=full-disclosure&m=11579664610… | mailing-listx_refsource_FULLDISC |
| http://secunia.com/advisories/21849 | third-party-advisoryx_refsource_SECUNIA |
| http://www.comscripts.com/scripts/php.phprog-albu… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "phprog-index-xss(28846)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846"
},
{
"name": "19957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21849"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"name": "phprog-index-path-disclosure(28845)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "phprog-index-xss(28846)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846"
},
{
"name": "19957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21849"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"name": "phprog-index-path-disclosure(28845)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.pconfig.com/cdg393/adviso/PHProg.txt",
"refsource": "MISC",
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "phprog-index-xss(28846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846"
},
{
"name": "19957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21849"
},
{
"name": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
},
{
"name": "phprog-index-path-disclosure(28845)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4754",
"datePublished": "2006-09-13T22:00:00.000Z",
"dateReserved": "2006-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4753 (GCVE-0-2006-4753)
Vulnerability from cvelistv5 – Published: 2006-09-13 22:00 – Updated: 2024-08-07 19:23
VLAI
Summary
Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.pconfig.com/cdg393/adviso/PHProg.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/19957 | vdb-entryx_refsource_BID |
| http://marc.info/?l=full-disclosure&m=11579664610… | mailing-listx_refsource_FULLDISC |
| http://secunia.com/advisories/21849 | third-party-advisoryx_refsource_SECUNIA |
| http://www.comscripts.com/scripts/php.phprog-albu… | x_refsource_CONFIRM |
Date Public
2006-09-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phprog-index-file-include(28847)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "19957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21849"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phprog-index-file-include(28847)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "19957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21849"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phprog-index-file-include(28847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847"
},
{
"name": "http://www.pconfig.com/cdg393/adviso/PHProg.txt",
"refsource": "MISC",
"url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt"
},
{
"name": "19957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19957"
},
{
"name": "20060911 PHProg : Local File Inclusion + XSS + Full path",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115796646100433\u0026w=2"
},
{
"name": "21849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21849"
},
{
"name": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html",
"refsource": "CONFIRM",
"url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4753",
"datePublished": "2006-09-13T22:00:00.000Z",
"dateReserved": "2006-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}