Description
PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter.
Affected products
- bosdev / bosdates3.0 – 3.0
- bosdev / bosdates3.1 – 3.1
- bosdev / bosdates3.2 – 3.2
- bosdev / bosdates4.0 – 4.0