RSS   Vulnerabilities for 'Labwiki'   RSS

2017-10-23
 
CVE-2011-4334

 

 
edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.

 
 
CVE-2011-4333

 

 
Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top