vendor:
phpScheduleIt
by:
EgiX, juan vazquez
N/A
CVSS
N/A
Arbitrary Code Injection
78
CWE
Product Name: phpScheduleIt
Affected Version From: 1.2.10
Affected Version To: 1.2.10
Patch Exists: NO
Related CWE: CVE-2008-6132
CPE: a:phpscheduleit:phpscheduleit
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2008
phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection
This module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magic_quotes_gpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected.
Mitigation:
Enable magic_quotes_gpc in php.ini