Full title: php-Charts 1.0 Arbitrary PHP Code Execution Vulnerability Category: web applications Platform: php This Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the webserver user. The 'url.php' script calls eval() with user controlled data from any HTTP GET parameter name. # 0day.today @ http://0day.today/