CMReams Cross Site Scripting and Local File Include Vulnerabilities

info
discussion
exploit
solution
references

CMReams Cross Site Scripting and Local File Include Vulnerabilities

Attackers can use a browser to exploit these issues. To exploit the cross-site scripting issue, an attacker must entice an unsuspecting user into following a malicious URI.

The following example URIs are available:

http://www.example.com/path/load_language.php?page_language=[LFI]
http://www.example.com/path/backend/umleitung.php?lang[be_red_text]=[XSS]