2 matches found
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
The remote host is running Siteframe, an open source content management system using PHP and MySQL. The installed version of Siteframe does not properly sanitize the 'LOCALPATH' parameter of the 'siteframe.php' script before using it to include files. By leveraging this flaw, an attacker is able ...
Siteframe search.php searchfor Parameter XSS
Siteframe 2.2.4 has a cross-site scripting bug. An attacker may use it to perform a cross-site scripting attack on this host. In addition to this, another flaw in this package may allow an attacker to obtain the physical path to the remote web root. %NASLMINLEVEL 70300 written by K-Otik.com...