PHP Code Execution in Alguest

Summary

Vulnerability: PHP Code Execution in Alguest
Discovered: 2010.11.21
Last Update: n/a
ID: EV0153
CVE: n/a
Risk Level: high
Type: PHP Code Execution
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: Alguest (http://sourceforge.net/projects/alguest/)
Version: 1.1c-patched
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A PHP code execution vulnerability was found in the Alguest (http://sourceforge.net/projects/alguest/) script.

PHP Code Execution
It is possible to inject and execute arbitrary PHP code.

All option values are written to the dati/vars.php file, and none of them pass through any sanitization filter. Because dati/vars.php is PHP source, a value containing a double quote ends the string literal it is written into, and the remainder of the value is treated as PHP code when the file is loaded.

Vulnerable script: opzioni.php

PoC/Exploit

PHP Code Execution Example
Any user-defined option may be used for PHP code injection and execution. For example, the following value for the Password option closes the string literal, appends a statement, and opens a new string so that the generated file remains syntactically valid:

Password: 12345"; echo "PHP Code"; $aaa="
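To make the defect concrete from a defender's point of view, the following added example (not Alguest's own code) reproduces the unsafe pattern the advisory describes, places a hardened version of the same file writer beside it, and adds a small check that flags a generated vars.php whose lines are no longer plain assignments of quoted literals. The function names, the option list and the sample input are assumptions made for this illustration; the sample value is the one from the PoC above.

```php
<?php
// Added example, not Alguest's code. It shows the unsafe "write option values
// straight into PHP source" pattern, a safe replacement, and a detection aid.
// Function names, option names and input are constructed for this illustration.

// Unsafe pattern: the raw option value is placed between double quotes in PHP
// source. A value containing a double quote ends the string literal early and
// the rest of the value is written out as code.
function build_vars_unsafe(array $options): string
{
    $out = "<?php\n";
    foreach ($options as $name => $value) {
        $out .= '$' . $name . ' = "' . $value . "\";\n";
    }
    return $out;
}

// Safe pattern: only known option names are written, each name is checked
// against the PHP identifier grammar, and the value is emitted with
// var_export(), which produces a correctly quoted and escaped PHP literal.
function build_vars_safe(array $options, array $allowed): string
{
    $out = "<?php\n";
    foreach ($allowed as $name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("bad option name: $name");
        }
        if (!array_key_exists($name, $options)) {
            continue;
        }
        $out .= '$' . $name . ' = ' . var_export((string) $options[$name], true) . ";\n";
    }
    return $out;
}

// Detection aid for an existing installation: after the opening tag, every
// non-empty line of the generated file should be exactly one assignment of a
// quoted string literal. Any other line suggests the file has been altered
// through the option form.
function vars_file_looks_tampered(string $source): bool
{
    $lines = explode("\n", trim($source));
    array_shift($lines); // drop the "<?php" line
    $assignment = '/^\$[A-Za-z_][A-Za-z0-9_]*\s*=\s*'
        . '(\'(?:[^\'\\\\]|\\\\.)*\'|"(?:[^"\\\\]|\\\\.)*");$/';
    foreach ($lines as $line) {
        if ($line === '') {
            continue;
        }
        if (!preg_match($assignment, $line)) {
            return true;
        }
    }
    return false;
}

// Constructed input; the password value is the one from the advisory's PoC.
$options = [
    'password' => '12345"; echo "PHP Code"; $aaa="',
    'title'    => 'My guestbook',
];
$allowed = ['password', 'title'];

echo "--- unsafe ---\n" . build_vars_unsafe($options);
echo "--- safe ---\n" . build_vars_safe($options, $allowed);
echo "unsafe output flagged? "
    . (vars_file_looks_tampered(build_vars_unsafe($options)) ? 'yes' : 'no') . "\n";
echo "safe output flagged?   "
    . (vars_file_looks_tampered(build_vars_safe($options, $allowed)) ? 'yes' : 'no') . "\n";
```

Run with `php example.php`. The unsafe writer produces a `$password` line containing three statements, which the check flags; the safe writer produces `$password = '12345"; echo "PHP Code"; $aaa="';`, an ordinary string literal that the check accepts. The better long-term design is to keep configuration out of executable code altogether, for example by storing the options as JSON and reading them with `json_decode()`, so that no user-controlled byte is ever parsed as PHP.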

Solution

No solution for "PHP Code Execution in Alguest" is available. Check the vendor's website for updates.