Arbitrary PHP Code Execution in modsecurity.php 1.10 and Earlier

Arbitrary PHP Code Execution in modsecurity.php 1.10 and Earlier

CVE-2002-1135 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.

Learn more about our Web App Pen Testing.