Disclosure: Annuaire (Directory) Multiple Vulnerabilities

[This was originally published on OSVDB, now gone. VulnDB IDs 24302, 24303]

Comment left on feedback page:

While testing your demo of Annuaire (Directory), I noticed a few security vulnerabilities:

Many pages are calling /include/lang-en.php, which is showing the full installation path. Additionally, directly requesting this script will reveal the full path.

inscription.php: The comment field (COMMENTAIRE variable) allows for cross-site scripting (XSS) attacks.



