|
Description
|
|
Multiple vulnerabilities have been identified in HitHost, which could be exploited by remote attackers to delete arbitrary directories or execute malicious scripting code.
The first flaw is due to input validations errors in the "viewuser.php" and "deleteuser.php" scripts that fail to properly validate the "hits" and "user" variables, which could be exploited by attackers to cause malicious scripting code to be executed by the user's browser in the security context of an affected Web site.
The second issue is due to an input validation error in the "deleteuser.php" script that does not properly validate the "user" parameter before being passed to an "rmdir()" call, which could be exploited by attackers to delete arbitrary directories.
|
