5 lines
No EOL
347 B
Text
5 lines
No EOL
347 B
Text
source: http://www.securityfocus.com/bid/8011/info
|
|
|
|
It has been reported that Tutos does not properly handle input to the file_select script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the vulnerable site.
|
|
|
|
http://www.example.com/tutos/file/file_select.php?msg=<hostile code> |