Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and previous versions allows remote malicious users to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
scribe scribe 0.2 |