RoSPORA <= 1.5.0 (index.php) PHP Code Injection Vulnerability


RoSPORA contains a flaw that allows malicious users to inject and execute arbitrary PHP code. The issue is due to user-supplied input passed through the $_GET[’s'] parameter isn’t properly sanitized before being used in a call to the create_function() PHP function into the index.php script.


Disclosure Date:

October 28, 2010