Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote malicious users to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
china-on-site flexcustomer0.0.6 |