Arbitrary PHP Code Execution via dbprefix Parameter in ProjectSend r754
CVE-2017-9741 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.
Learn more about our Web Application Penetration Testing UK.