CVE-2011-5274

2014-03-21T00:38:58
ID CVE-2011-5274
Type cve
Reporter NVD
Modified 2014-03-24T18:57:39

Description

The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.