phpSkelSite Multiple Input Validation Vulnerabilities

phpSkelSite is prone to multiple input-validation vulnerabilities:

- A remote file-include vulnerability
- A local file-include vulnerability
- A cross-site scripting vulnerability

An attacker can exploit these issues to execute malicious script code and PHP code in the context of the webserver process, compromise the affected application, and steal cookie-based authentication credentials. Other attacks are also possible.

phpSkelSite 1.4 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus