Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
Max CVSS
7.5
EPSS Score
1.50%
Published
2007-05-30
Updated
2017-10-11
1 vulnerabilities found