QuickBox is a media server application and service management system from the QuickBox team. A code injection vulnerability exists in QuickBox Pro v2.5.8 and below due to a variable in the config.php file that accepts a GET parameter value and parses it as shell_exec() and fails to properly clean up any shell parameters. An attacker could use this vulnerability to remotely execute code.
CPE | Name | Operator | Version |
---|---|---|---|
quickbox quickbox pro <=v | eq | 2.5.8 | |
quickbox quickbox community | le | 2.5.8 |