CVE-2007-4413

2007-08-1821:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.9%

JSON

Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter.

References

osvdb.org/46653

securityreason.com/securityalert/3029

www.securityfocus.com/archive/1/476454/100/0/threaded