Code injection

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter aka the Database Name field. NOTE: the installation instructions specify deleting admin/install.php...

CVE-2008-6761

CVE-2008-6761 affects Flexcustomer 0.0.6 and is a static code injection vulnerability in admin/install.php that enables remote attackers to inject arbitrary PHP into const.inc.php via the installdbname parameter (Database Name field). The issue stems from admin/install.php and installation notes ...