PMOS Help Desk <= 2.4 (form.php) PHP Code Injection Vulnerability


form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.


Disclosure Date:

December 25, 2007