mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
727 B
727 B
CVE-2005-3010
Description
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
POC
Reference
Github
No PoCs found on GitHub currently.