Code injection

Direct static code injection vulnerability in admincp/userhelp.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a newentry value in the do parameter...