Remote Code Execution in Phormation PHP Script

Remote Code Execution in Phormation PHP Script

CVE-2001-1237 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.

Learn more about our Web App Pen Testing.