savesettings.php in phpGB 1.20 and previous versions does not require authentication, which allows remote malicious users to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
Vulnerable Product |
---|
phpgb phpgb 1.10 |
phpgb phpgb 1.20 |