mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
762 B
762 B
CVE-2017-9249
Description
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php.
POC
Reference
Github
No PoCs found on GitHub currently.