WeBid <= 1.0.2 (includes/converter.inc.php) PHP Code Injection Vulnerability
Description:
WeBid contains a flaw which allows a remote attacker to inject and execute arbitrary PHP code. The issue is due to user-supplied input passed via the ‘from’ and ‘to’ POST parameters to converter.php is not properly sanitized before being stored in includes/currencies.php.
References:
Disclosure Date:
July 4, 2011