RoSPORA <= 1.5.0 (index.php) PHP Code Injection Vulnerability

Description:

RoSPORA contains a flaw that allows malicious users to inject and execute arbitrary PHP code. The issue is due to user-supplied input passed through the $_GET[’s'] parameter isn’t properly sanitized before being used in a call to the create_function() PHP function into the index.php script.

References:

BID-44554
EDB-15343

Disclosure Date:

October 28, 2010