CVE-2007-6135
CVE-2007-6135
Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.packetstormsecurity.org/0711-exploits/phpslideshow-xss.txtunverifiedexploitdbwww.exploit-db.com/exploits/30806unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/27809https://exchange.xforce.ibmcloud.com/vulnerabilities/38638http://www.packetstormsecurity.org/0711-exploits/phpslideshow-xss.txthttp://www.securityfocus.com/archive/1/484192/100/0/threadedhttp://www.securityfocus.com/archive/1/484289/100/0/threadedhttp://www.securityfocus.com/archive/1/490968/100/0/threadedhttp://www.securityfocus.com/bid/26575http://www.securityfocus.com/bid/26576http://www.vupen.com/english/advisories/2007/3992