LightBlog <= 9.9.2 (register.php) PHP Code Injection Vulnerability


LightBlog contains a flaw that allows malicious users to execute arbitrary PHP code. The issue is due to user-supplied input passed via multiple parameters to register.php is not properly sanitized before being stored within a php file.


Disclosure Date:

April 27, 2009