← volver
CVE-2008-3511

CVE-2008-3511

EPSS 1.5%
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. NOTE: the image_desc.php/msg vector is covered by CVE-2006-1660. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Productos afectados
n/a · n/a
PoCs públicas encontradas9
exploitdbwww.exploit-db.com/exploits/32174no verificadoexploitdbwww.exploit-db.com/exploits/32178no verificadoexploitdbwww.exploit-db.com/exploits/32176no verificadoexploitdbwww.exploit-db.com/exploits/32177no verificadoexploitdbwww.exploit-db.com/exploits/32175no verificadoexploitdbwww.exploit-db.com/exploits/32171no verificadoexploitdbwww.exploit-db.com/exploits/32173no verificadoexploitdbwww.exploit-db.com/exploits/32170no verificadoexploitdbwww.exploit-db.com/exploits/32172no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://exchange.xforce.ibmcloud.com/vulnerabilities/44433http://www.securityfocus.com/bid/30546http://www.securityfocus.com/bid/30546/exploit