All versions of buttle
are vulnerable to command injection. Remote command execution is possible when buttle
is run with the --php-bin
flag.
No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time.