Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-05-18T18:00:00
Updated: 2017-09-28T12:57:01
Reserved: 2009-05-18T00:00:00
Link: CVE-2009-1677
NVD Information
Status: Modified
Published: 2009-05-18T18:30:01.157
Modified: 2017-09-29T01:34:30.747
Link: CVE-2009-1677