vendor:
by:
ThE dE@Th
7.5
CVSS
HIGH
Code Injection
94
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Code Injection Vulnerability in settings.php
The exploit allows an attacker to inject arbitrary code into the 'pfad_z' parameter in the settings.php file on a website. This can lead to remote code execution and potentially compromise the entire system.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in any code execution context. Additionally, keeping software up to date and applying security patches can also help prevent such vulnerabilities.