Full title: HybridAuth install.php PHP Code Execution Exploit 
Category: remote exploits
Platform: php
This Metasploit module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite the application configuration file rendering the application unusable.

# 0day.today @ http://0day.today/