CVE-2012-2918
Chevereto 1.91 - Cross-Site Scripting via Upload Engine v Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2918. PoCs published by AkaStep.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) and information disclosure vulnerability in Chevereto Image Upload Script 1.91. The example URL demonstrates a path traversal attempt combined with an XSS payload, but no actual exploit code is present.
Description
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
Exploits (1)
The provided text describes a cross-site scripting (XSS) and information disclosure vulnerability in Chevereto Image Upload Script 1.91. The example URL demonstrates a path traversal attempt combined with an XSS payload, but no actual exploit code is present.