The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php arena pafaq 1.0_beta_4 |