2 matches found
CVE-2008-4645
plugins/eventtracer/eventlist.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by createfunction...
CVE-2008-4645
In PhpWebGallery, versions up to 1.7.2 are vulnerable to CVE-2008-4645. The issue arises in plugins/event_tracer/event_list.php where remote authenticated administrators can cause arbitrary PHP code execution by injecting PHP sequences into the sort parameter, which is processed by create_functio...