PHP Code Execution in Alguest
Summary
- Vulnerability
- PHP Code Execution in Alguest
- Discovered
- 2010.11.21
- Last Update
- n/a n/a
- ID
- EV0153
- CVE
- n/a
- Risk Level
- high
- Type
- PHP Code Execution
- Status
- Unpatched. Vendor notified. No reply from developer(s).
- Vendor
- n/a
- Vulnerable Software
- Alguest (http://sourceforge.net/projects/alguest/)
- Version
- 1.1c-patched
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
PHP Code Execution found in Alguest (http://sourceforge.net/projects/alguest/) script.
- PHP Code Execution
- It is possible to inject and execute arbitrary PHP code
All options values are written to dati/vars.php file. These values dont pass through any sanitation filter.
Vulnerable script: opzioni.php
PoC/Exploit
- PHP Code Execution Example
- All user-defined options may be used for php code injection and execution.
Password: 12345"; echo "PHP Code"; $aaa="
Solution.
Solution for "PHP Code Execution in Alguest" is not available. Check vendor's website for updates.