Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php-stats php-stats |