PHP Pro Publish set_inc.php Arbitrary PHP Code Execution
Remote / Network Access
Loss of Integrity
PHP Pro Publish contains a flaw that may allow a malicious user to run arbitrary code. The issue is triggered due to 'set_inc.php' not properly sanitizing settings made by administrative users. That way, arbitrary PHP code may be injected, which will be executed when the file is included, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.