PHP FormMail Generator Cross Site Scripting and Arbitrary File Upload Vulnerabilities

PHP FormMail Generator is prone to a cross-site scripting vulnerability and an arbitrary file-upload vulnerability because it fails to properly sanitize user-supplied input.

Attackers can exploit these issues to steal cookie-based authentication information, execute arbitrary scripts in the context of the browser, upload and execute arbitrary files in the context of the webserver, and launch other attacks.


Copyright 2010, SecurityFocus