CVE-2006-1888

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
20/04/2006
Last modified:
03/04/2025

Description

phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:phpgraphy:phpgraphy:*:*:*:*:*:*:*:* 0.9.11 (including)
cpe:2.3:a:phpgraphy:phpgraphy:0.9.9a:*:*:*:*:*:*:*
cpe:2.3:a:phpgraphy:phpgraphy:0.9.10:*:*:*:*:*:*:*