CVE-2008-3511

EPSS 1.5%

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected products

n/a · n/a

public PoCs found — 9

exploitdbwww.exploit-db.com/exploits/32174unverified exploitdbwww.exploit-db.com/exploits/32178unverified exploitdbwww.exploit-db.com/exploits/32176unverified exploitdbwww.exploit-db.com/exploits/32177unverified exploitdbwww.exploit-db.com/exploits/32175unverified exploitdbwww.exploit-db.com/exploits/32171unverified exploitdbwww.exploit-db.com/exploits/32173unverified exploitdbwww.exploit-db.com/exploits/32170unverified exploitdbwww.exploit-db.com/exploits/32172unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/44433 http://www.securityfocus.com/bid/30546 http://www.securityfocus.com/bid/30546/exploit