Direct static code injection vulnerability in write.php in Admbook 1.2.2 and previous versions allows remote malicious users to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
devscripts admbook |