e107 0.7.24 - 'cmd' Remote Command Execution

EDB-ID:

36252




Platform:

PHP

Date:

2011-10-24


source: https://www.securityfocus.com/bid/50339/info

e107 is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied input.

An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application.

e107 0.7.24 is vulnerable; other versions may also be affected. 

http://www.example.com/e107_config.php?cmd=id