Shodan
Vulnerabilities
Vulnerable Software
Phpsysinfo:  >> Phpsysinfo  Security Vulnerabilities
CVE-2023-49006
Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-12-19
CVE-2007-4048
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVSS Score
4.3
EPSS Score
0.005
Published
2007-07-30
CVE-2006-3360
Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.
CVSS Score
5.0
EPSS Score
0.094
Published
2006-07-06
CVE-2005-3348
HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.
CVSS Score
4.3
EPSS Score
0.016
Published
2005-11-18
CVE-2005-0869
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-05-02
CVE-2005-0870
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
CVSS Score
4.3
EPSS Score
0.117
Published
2005-05-02
CVE-2003-0536
Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.
CVSS Score
3.6
EPSS Score
0.007
Published
2003-08-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved