Description

eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.

Remediation

References

CVE-2008-7117

Related Vulnerabilities

WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)

WordPress Plugin YITH Color and Label Variations for WooCommerce Security Bypass (1.8.11)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-21024)

MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2006-3469)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3464)

Severity

Medium

Classification

CVE-2008-7117 CWE-264

Tags

Missing Update Known Vulnerabilities