CVE-2005-4239 in PHP JackKnifeinfo

Summary

by MITRE

Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 09/21/2025

The vulnerability identified as CVE-2005-4239 represents a classic cross-site scripting flaw within the PHP JackKnife content management system version 2.21 and earlier. This security weakness resides in the Search/DisplayResults.php script which fails to properly sanitize user input before rendering it within web pages. The vulnerability specifically affects the sKeywords parameter that processes URL-encoded values, creating an avenue for malicious actors to inject arbitrary web scripts or HTML code into the application's output. This type of vulnerability falls under the CWE-79 category of Cross-Site Scripting, which is classified as a critical web application security issue that allows attackers to execute scripts in the context of other users.

The technical exploitation of this vulnerability occurs when an attacker crafts a malicious URL containing encoded script content within the sKeywords parameter. When the vulnerable PHP application processes this input and displays it without proper sanitization or encoding, the injected script executes in the victim's browser. This can lead to various malicious activities including session hijacking, credential theft, defacement of web pages, or redirection to malicious sites. The vulnerability is particularly dangerous because it operates entirely through HTTP requests without requiring any special privileges or authentication, making it accessible to any remote attacker who can manipulate the search functionality.

The operational impact of this vulnerability extends beyond simple script injection, as it can compromise the integrity and confidentiality of web applications using PHP JackKnife. Attackers can leverage this weakness to steal user sessions, modify content displayed to other users, or redirect them to phishing sites designed to capture credentials. The vulnerability affects the entire user base of affected installations, making it a significant concern for web administrators who may not immediately detect the compromise. From an attacker's perspective, this vulnerability aligns with ATT&CK technique T1531 which involves using web shells or scripts to maintain access and execute commands on compromised systems.

Mitigation strategies for CVE-2005-4239 should focus on immediate patching of the PHP JackKnife application to version 2.22 or later where the vulnerability has been addressed. In the interim, administrators should implement input validation and output encoding measures to prevent malicious scripts from being executed. The application should sanitize all user inputs, particularly those used in dynamic content generation, by implementing proper HTML escaping techniques. Additionally, the principle of least privilege should be enforced by limiting the permissions of the web application and implementing Content Security Policy headers to restrict script execution. Regular security audits and web application firewalls can help detect and prevent exploitation attempts while maintaining the application's functionality and user experience.

Reservation

12/14/2005

Disclosure

12/14/2005

Moderation

accepted

Entry

VDB-27487

CPE

ready

Exploit

Download

EPSS

0.01752

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!