China-on-site » Flexcustomer0.0.6 : Security Vulnerabilities, CVEs,
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.
Max CVSS
10.0
EPSS Score
0.35%
Published
2009-04-28
Updated
2017-09-29
1 vulnerabilities found