Description
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.
Remediation
References
Related Vulnerabilities
Apache Tomcat Other Vulnerability (CVE-2007-1355)
WordPress Plugin Coupon Tab for DirectoryPress Multiple Cross-Site Scripting Vulnerabilities (0.2.0)
WordPress Plugin User Activity Security Bypass (1.0.1)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)
Apache Tomcat Session Fixation Vulnerability (CVE-2019-17563)