Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		12.01.2008
Source:
SecurityVulns ID:		8557
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MTCMS : MTCMS 2.0
		MOODLE : Moodle 1.8
CVE:		CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.)

Original document		rlavertu, [Full-disclosure] ID-Commerce Security Advisory - SLR-2007-001 (12.01.2008)
		Hanno Bock, [Full-disclosure] Cross site scripting (XSS) in Moodle 1.8.3 (12.01.2008)
		morin.josh_(at)_gmail.com, Naymz multiple XSS (12.01.2008)
		ship_nx_(at)_yahoo.com, Member Area System (MAS) Remote File Include Vulnerability (view_func.php) (12.01.2008)
		db_(at)_rawsecurity.org, ImageAlbum Remote SQL Injection Vulnerabilities (12.01.2008)
		hadihadi_zedehal_2006_(at)_yahoo.com, MTCMS <=2.0 SQL Injection Vulnerbility (12.01.2008)

Discuss:

Read or add your comments to this news (0 comments)