PHPBook 1.x - Mail Field PHP Code Injection

EDB-ID:

26999




Platform:

PHP

Date:

2005-12-29


source: https://www.securityfocus.com/bid/16106/info

phpBook is prone to a vulnerability that may let remote attackers inject arbitrary PHP code into the application. This code may then be executed by visiting pages that include the injected code. 

E-mail field: qwe@<? anyphpcode(); ?>.com