The Announce module in phpWebSite 0.10.0 and previous versions allows remote malicious users to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpwebsite phpwebsite 0.10.0 |
||
phpwebsite phpwebsite 0.9.0 |
||
phpwebsite phpwebsite 0.9.3.3 |
||
phpwebsite phpwebsite 0.9.3.4 |
||
phpwebsite phpwebsite 0.9.2.1 |
||
phpwebsite phpwebsite 0.9.3 |
||
phpwebsite phpwebsite 0.9.3.1 |
||
phpwebsite phpwebsite 0.9.3.2 |
||
phpwebsite phpwebsite 0.9.1 |
||
phpwebsite phpwebsite 0.9.2 |