NavBoard Admin_config.PHP Arbitrary Code Execution Vulnerability

info
discussion
exploit
solution
references

NavBoard Admin_config.PHP Arbitrary Code Execution Vulnerability

NavBoard is prone to an arbitrary-code-execution vulnerability.

An attacker can exploit this vulnerability to create and execute arbitrary script code in the context of the webserver process.

NavBoard 1.6.0 is vulnerable to this issue.

Note that to exploit this vulnerability, the attacker must have administrative privileges to the application.