form.php in PMOS Help Desk 2.4 and previous versions sends a redirect to the web browser but does not exit, which allows remote malicious users to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pmos helpdesk pmos helpdesk |