2 matches found
Input validation
PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to 1 settings.php or 2 cat.php, as demonstrated by XSS manipulations...
Directory traversal
Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS manipulations, and path disclosure with other invalid values...