Description
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Comment Remix SQL Injection and HTML Injection Vulnerabilities (1.4.3)
WordPress Plugin GiveWP-Donation and Fundraising Platform Multiple Vulnerabilities (2.21.2)
WordPress Plugin Adifier System Multiple Vulnerabilities (3.1.3)
WordPress Plugin WP AutoComplete Search SQL Injection (1.0.4)