Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and previous versions allows remote malicious users to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php-update php-update |