Prometheus 6.0 and previous versions allows remote malicious users to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jason orcutt prometheus 3.0_beta |
||
jason orcutt prometheus 4.0_beta |
||
jason orcutt prometheus 6.0 |