Description
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
Remediation
References