GeSHi CVE-2012-3521 Multiple Local File Include Vulnerabilities

GeSHi is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue using directory-traversal strings to view and execute local files within the context of the web server process. Information harvested may aid in further attacks.

GeSHi 1.0.8.4 is vulnerable; other versions may also be affected.

Note: Information about cross-site scripting issue has been moved to BID 59830 (GeSHi 'langwiz.php' Cross Site Scripting Vulnerability) to better document it.


 

Privacy Statement
Copyright 2010, SecurityFocus