Produkt Labwiki (...) - CVEMAP.ORG

Podatności dla 'Labwiki'

2017-10-23

CVE-2011-4334

edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.

CVE-2011-4333

Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.

Copyright 2024, cxsecurity.com