CVE-2007-5453 Information

Description

Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table which is used in an eval function call by (1) admin.php (2) click.php (3) download.php and unspecified other files as demonstrated by modifying _options through a backup restore action in admin.php.

Reference

http://osvdb.org/43480 http://www.securityfocus.com/bid/26022 https://www.exploit-db.com/exploits/4513