• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PHPX Multiple Vulnerabilities

Severity: HIGH

Description:

PHPX is a PHP-based content management system.

Multiple vulnerabilities were reported in PHPX. The specific issues include cross-site scripting, HTML injection and account hijacking via specially crafted cookies.

Two cross-site scripting issues exist in the main.inc.php and help.inc.php scripts. These are due to insufficient sanitization of input supplied via URI parameters. In particular, main.inc.php does not sanitize input supplied to the 'keywords' parameter while help.inc.php does not sanitize input supplied to the 'body' parameter. An attacker could exploit these issues by enticing a victim user to follow a malicious link that includes embedded HTML and script code. This would mostly likely result in cookie theft though other attacks are also possible.

HTML injection issues exist in the 'Subject' field for Personal Messages and the Forum. This could permit a user of the software to persistently inject hostile HTML and script code into the content management system. The attacker could exploit this to steal cookies but it would also be possible to influence site content.

An account hijacking vulnerability was reported due to insufficient validation of values embedded in user-supplied cookies. Specifically, the PXL cookie value corresponds to the userID and may be changed to an arbitrary value, resulting in hijacking of other user and administrative accounts.

These issues were reported to exist in PHPX 3.2.3. Earlier versions are also likely affected.

Affected Products:

• PHPX PHPX 3.2.3

References:

• PHPX: PHPX Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.