ZamFoo 'date' Parameter Remote Command Injection Vulnerability

2013-06-15T00:00:00
ID EDB-ID:38598
Type exploitdb
Reporter localhost.re
Modified 2013-06-15T00:00:00

Description

ZamFoo 'date' Parameter Remote Command Injection Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/60826/info

ZamFoo is prone to a remote command-injection vulnerability.

Attackers can exploit this issue to execute arbitrary commands in the context of the application.

ZamFoo 12.0 is vulnerable; other versions may also be affected. 

http://www.example.com/cgi/zamfoo/zamfoo_do_restore_zamfoo_backup.cgi?accounttorestore=account&date=`command`