|
Description
|
|
Multiple vulnerabilities have been identified in phpTrafficA, which could be exploited by remote attackers to disclose the contents of arbitrary files or execute arbitrary SQL queries and scripting code.
The first issue is caused by input validation errors in the "index.php" script that does not validate the "lang" parameter, which could be exploited by malicious users to include local files with the privileges of the web server cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
The second vulnerability is caused by an input validation error in the "stats" module when processing the "pageid" parameter, which could be exploited by malicious people to conduct SQL injection attacks.
|
