PhpAlbum.net 0.4.1-14_fix06 - 'var3' Remote Command Execution
| EKU-ID: 40219 | CVE: | OSVDB-ID: |
| Author: High-Tech Bridge SA | Published: 2011-04-14 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 40219 | CVE: | OSVDB-ID: |
| Author: High-Tech Bridge SA | Published: 2011-04-14 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/47369/info
PhpAlbum.net is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied input.
An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable process.
PhpAlbum.net 0.4.1-14_fix06 is vulnerable; other versions may also be affected.
http://www.example.com/main.php?cmd=setup&var1=user&var3=1-file_put_contents('./x.xxx','xxxx')