CVE-2007-2001
Summary
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.
- LOW
- NETWORK
- SINGLE
- PARTIAL
- PARTIAL
- PARTIAL
References
Advisory Timeline
- Published