Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and previous versions allows remote malicious users to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
1-script 1-book |