CVE-2011-5040
Infoproject Biznis Heroj - Stored Cross-Site Scripting via config Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-5040. PoCs published by LiquidWorm.
AI-analyzed exploit summary The exploit demonstrates an authentication bypass vulnerability in Infoproject Biznis Heroj via SQL injection in the login.php script. It also includes XSS and SQLi vulnerabilities in other scripts, with clear PoC examples for each.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
Exploits (1)
The exploit demonstrates an authentication bypass vulnerability in Infoproject Biznis Heroj via SQL injection in the login.php script. It also includes XSS and SQLi vulnerabilities in other scripts, with clear PoC examples for each.