source: http://www.securityfocus.com/bid/10436/info
e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.
- HTML injection in the "email article to a friend" and "submit news" pages.:
foobar'><body onload=alert(document.cookie);>
京公网安备 11010502034610号
暂无评论