2 matches found
Information disclosure
PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive information via a direct request to 1 edCss.inc.php, 2 foot.inc.php, 3 getcsscolors.inc.php, 4 head.inc.php, 5 headstuff.inc.php, 6 loglist.inc.php, and 7 pphloggersend.inc.php in include/, which reveals the installation path in an...
CVE-2009-4253
Power Phlogger vulnerability CVE-2009-4253: Cross-site scripting in dspStats.php (PowerPhlogger 2.2.5) allows remote attackers to inject arbitrary web script or HTML via the edit parameter. Root cause: failure to properly sanitize user-supplied input. The issue is documented across multiple feeds...