PHP Easy Download Admin/save.php Paramater Code Injection Vulnerability Network Vulnerability

Summary

The remote web server contains a PHP script that is affected by a remote code execution issue. Description: The version of PHP Easy Download installed on the remote host fails to sanitize input to the 'moreinfo' parameter before using it in the 'save.php' script. By sending a specially-crafted value, an attacker can store and execute code at the privilege level of the remote web server.

Solution

Unknown at this time.

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ASP-Dev XM Event Diary Multiple Vulnerabilities
ATutor < 1.5.1-pl1 Multiple Flaws
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
ASP Inline Corporate Calendar SQL injection
AdPeeps 'index.php' Multiple Vulnerabilities.

PHP Easy Download admin/save.php Paramater Code Injection Vulnerability

Take action and discover your vulnerabilities