prepend.php3 in PHPLib prior to 7.2d, when register_globals is enabled for PHP, allows remote malicious users to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and previous versions, IMP prior to 2.2.6, and other packages that use PHPLib.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phplib team phplib 7.2 |
||
phplib team phplib 7.2.1 |
||
phplib team phplib 7.2b |
||
phplib team phplib 7.2c |