N/A

phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.

N/A

N/A

phpMyBackupPro 安全漏洞

phpMyBackupPro是一套免费的基于Web的MySql备份工具。该工具支持自动备份、定时备份、异地备份MySql数据库。 phpMyBackupPro 2.5之前的版本中存在安全漏洞，该漏洞源于程序没有验证整数输入。远程攻击者可通过注入脚本或向PHP配置变量注入PHP利用该漏洞执行任意的PHP代码。

N/A

N/A