SMBlog 1.2 - Arbitrary PHP Command Execution

2006-03-01T00:00:00
ID EXPLOITPACK:A72008C4D172F56D3467EC17D5CB17F9
Type exploitpack
Reporter botan
Modified 2006-03-01T00:00:00

Description

SMBlog 1.2 - Arbitrary PHP Command Execution

                                        
                                            source: https://www.securityfocus.com/bid/16905/info

SMBlog is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary PHP commands on the vulnerable computer in the context of the webserver process.

http://www.example.com/?pg=evilcode?&cmd=id