phgstats.inc.php in phgstats prior to 0.5.1, if register_globals is enabled, allows remote malicious users to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
woah-projekt phgstats 0.3 |
||
woah-projekt phgstats 0.3.1 |
||
woah-projekt phgstats 0.1 |
||
woah-projekt phgstats 0.2 |
||
woah-projekt phgstats 0.4.2 |
||
woah-projekt phgstats 0.5 |
||
woah-projekt phgstats 0.4 |
||
woah-projekt phgstats 0.4.1 |