WeBid <= 1.0.2 (includes/converter.inc.php) PHP Code Injection Vulnerability


WeBid contains a flaw which allows a remote attacker to inject and execute arbitrary PHP code. The issue is due to user-supplied input passed via the ‘from’ and ‘to’ POST parameters to converter.php is not properly sanitized before being stored in includes/currencies.php.


Disclosure Date:

July 4, 2011