FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows malicious users to obtain the database username and password or inject arbitrary PHP code into info.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
funkboard funkboard |