vendor:
Andy's PHP Knowledgebase
by:
Unknown
7.5
CVSS
HIGH
Arbitrary Code Execution
CWE
Product Name: Andy's PHP Knowledgebase
Affected Version From: 0.95.4
Affected Version To: 0.95.4
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Unknown
Arbitrary Code Execution in Andy’s PHP Knowledgebase
The vulnerability allows remote attackers to execute arbitrary PHP code by exploiting the application's failure to sanitize user-supplied input. By submitting a specially crafted input, attackers can execute arbitrary code within the context of the affected webserver process.
Mitigation:
Unknown