Arbitrary PHP Code Execution in Eventum 2.3.5 via hostname Parameter

Arbitrary PHP Code Execution in Eventum 2.3.5 via hostname Parameter

CVE-2014-1632 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.

Learn more about our Web Application Penetration Testing UK.