Secunia Logo  


Secunia PSI WorldMap
 
CVE Reference: CVE-2007-1635
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-1635

Description:
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.

CVE Status:
Candidate

References:

SREASON
  http://securityreason.com/securityalert/2473

SAID
  Secunia Advisory: SA24571

OSVDB
  34303

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/463176/100/0/threaded


Return to the previous page.