vendor:
PHPmyGallery
by:
TheMirkin
7.5
CVSS
HIGH
Cross-Site Scripting, Local File Disclosure
79
CWE
Product Name: PHPmyGallery
Affected Version From: 1.51.010
Affected Version To: 1.51.010
Patch Exists: NO
Related CWE:
CPE: a:phpmygallery:phpmygallery:1.51.010
Platforms Tested:
2013
PHPmyGallery Cross-Site Scripting and Local File-Disclosure Vulnerabilities
PHPmyGallery is prone to multiple cross-site scripting vulnerabilities and a local file-disclosure vulnerability because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
Mitigation:
To mitigate these vulnerabilities, it is recommended to update PHPmyGallery to the latest version available. Additionally, input validation and sanitization should be implemented to prevent cross-site scripting attacks.
