CVE-2007-2899

CVE-2007-2899 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.

Learn more about our Web Application Penetration Testing UK.