This blog will be updated with more information about the vulnerability and the exploitation once the CVE is assigned.

Discovered by: Mohammed Fadhl Al-Barbari

CVE-ID : WaitListed

Vendor : https://www.ar-php.org/

Vulnerability type : Cross-Site Scripting

Verified on : arPHP 3.6.0

Description :

Cross-Site Scripting vulnerability was found in arPHP examples. The affected script takes parameters without any filtration. an attacker could execute any JS code or inject an HTML page.

POCs : Will be avaliable soon

Follow us:

Twitter:
Mohammed Al-Barbari

LinkedIn:
Mohammed Al-Barbari