Feed on Feeds <= 0.5 (fof-main.php) PHP Code Injection Vulnerability


Feed on Feeds contains a flaw that allows a remote attacker to inject and execute arbitrary PHP code. User-supplied input passed through the $_POST['feed_order'] parameter to set-prefs.php is not properly sanitized before being used in a call to the PHP create_function() function.
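The fix for this class of flaw is to stop building PHP source from request data. The sketch below is an added example, not Feed on Feeds code: the function names, the allowed sort keys and the sample feeds are assumptions, and it requires PHP 7 or later.

```php
<?php
// Added illustration; not taken from the Feed on Feeds source.

// Generic shape of the flaw class (for contrast only): request data is
// concatenated into source text that create_function() compiles with eval().
//   $cmp = create_function('$a,$b',
//       'return strcmp($a["' . $_POST['feed_order'] . '"], $b["' . $_POST['feed_order'] . '"]);');

// Assumed set of legitimate sort keys (hypothetical names).
const ALLOWED_FEED_ORDER = ['feed_title', 'feed_age', 'feed_unread'];

function feed_comparator(string $order): Closure
{
    // Strict allowlist: any value outside the list falls back to a fixed default.
    if (!in_array($order, ALLOWED_FEED_ORDER, true)) {
        $order = 'feed_title';
    }
    // The closure captures the key as data; no code is assembled from strings.
    return function (array $a, array $b) use ($order): int {
        return $a[$order] <=> $b[$order];
    };
}

function sort_feeds(array $feeds, $requestedOrder): array
{
    // A POST field can arrive as an array (feed_order[]=x); treat that as invalid.
    $order = is_string($requestedOrder) ? $requestedOrder : '';
    usort($feeds, feed_comparator($order));
    return $feeds;
}

// Constructed sample data.
$feeds = [
    ['feed_title' => 'Zeta', 'feed_age' => 3, 'feed_unread' => 10],
    ['feed_title' => 'Alpha', 'feed_age' => 9, 'feed_unread' => 2],
    ['feed_title' => 'Mid', 'feed_age' => 1, 'feed_unread' => 5],
];

// On the CLI $_POST is empty, so the default key is used.
$sorted = sort_feeds($feeds, $_POST['feed_order'] ?? 'feed_title');
foreach ($sorted as $feed) {
    echo $feed['feed_title'], PHP_EOL;
}

// A value outside the allowlist is ignored and the default order applies.
$fallback = sort_feeds($feeds, 'not_a_column');
echo $fallback[0]['feed_title'], PHP_EOL;
```

create_function() was deprecated in PHP 7.2 and removed in PHP 8.0, so remaining calls in a code base are worth locating and replacing with closures.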


Disclosure Date: September 30, 2011