Frax: Security Vulnerabilities
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter.
CVSS Score
7.5
EPSS Score
0.053
Published
2009-05-22
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
CVSS Score
7.5
EPSS Score
0.022
Published
2009-05-22
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter.
CVSS Score
7.5
EPSS Score
0.031
Published
2009-05-22