Arbitrary PHP Code Execution in Eventum 2.3.5 via hostname Parameter
CVE-2014-1632 · HIGH Severity
AV:N/AC:M/AU:N/C:C/I:C/A:C
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
Learn more about our Web Application Penetration Testing UK.