VYPR
Unrated severityNVD Advisory· Published Apr 20, 2006· Updated Jun 16, 2026

CVE-2006-1888

CVE-2006-1888

Description

phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:phpgraphy:phpgraphy:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:phpgraphy:phpgraphy:*:*:*:*:*:*:*:*range: <=0.9.11
    • cpe:2.3:a:phpgraphy:phpgraphy:0.9.10:*:*:*:*:*:*:*
    • cpe:2.3:a:phpgraphy:phpgraphy:0.9.9a:*:*:*:*:*:*:*
    • (no CPE)range: <=0.9.11

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.