Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpbook | Gnu | 1.1 | 1.1 |
Phpbook | Gnu | 1.2 | 1.2 |
Phpbook | Gnu | * | 1.3.2 |
Phpbook | Gnu | 1.0 | 1.0 |
Phpbook | Gnu | 1.3 | 1.3 |