EPractize Labs Subscription Manager 'showImg.php' PHP Code Injection Vulnerability Network Vulnerability

Summary

EPractize Labs Subscription Manager is prone to a remote PHP code- injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system other attacks are also possible.

References

http://archives.neohapsis.com/archives/fulldisclosure/current/0118.html
http://www.epractizelabs.com/email-marketing/subscription-manager.html
http://www.securityfocus.com/bid/50919

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Advantech WebAccess Multiple Vulnerabilities
ATutor password reminder SQL injection
AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
ALCASAR Remote Code Execution Vulnerability
AstroSPACES profile.php SQL Injection Vulnerability

Take action and discover your vulnerabilities