Alguest 1.1c-patched Code Execution

03 Dec 2010 00:00:00 | Reported by: Aliaksandr Hartsuyeu | Type: packetstorm | Source: packetstormsecurity.com

Critical PHP code execution in Alguest 1.1c-patched

`New eVuln Advisory:  
PHP Code Execution in Alguest  
Summary: http://evuln.com/vulns/153/summary.html   
Details: http://evuln.com/vulns/153/description.html   
  
-----------Summary-----------  
eVuln ID: EV0153  
Software: Alguest  
Vendor: n/a  
Version: 1.1c-patched  
Critical Level: high  
Type: PHP Code Execution  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
--------Description--------  
It is possible to inject and execute arbitrary PHP code.  
All options values are written to dati/vars.php file.  
These values do not pass through any sanitization filter.  
Vulnerable script: opzioni.php  
--------PoC/Exploit--------  
PHP Code Execution Example  
All user-defined options may be used for php code injection and execution.  
  
Password: 12345"; echo "PHP Code"; $aaa="  
---------Solution----------  
Not available  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/tool/web-security.html - website security tests  
`
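
The flaw described in the advisory, shown as an added example that is not from the advisory or from Alguest. It assumes opzioni.php builds dati/vars.php by pasting option values between double quotes (the advisory does not show the source); the function names and the `password` option name are hypothetical. The input is the Password value from the advisory's PoC, and the hardened writer uses `var_export()`.

```php
<?php
// Added illustration, not Alguest source. Function names and the
// 'password' option name are hypothetical.

// Assumed vulnerable pattern: the value is pasted between double quotes
// in generated PHP source, so a '"' in the input ends the string literal.
function render_vars_unsafe(array $opts): string {
    $out = "<?php\n";
    foreach ($opts as $name => $value) {
        $out .= "\$$name = \"$value\";\n";
    }
    return $out;
}

// Hardened pattern: allow-list the option name and let var_export()
// emit a correctly escaped single-quoted literal for the value.
function render_vars_safe(array $opts): string {
    $out = "<?php\n";
    foreach ($opts as $name => $value) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', $name)) {
            throw new InvalidArgumentException('bad option name');
        }
        $out .= '$' . $name . ' = ' . var_export((string)$value, true) . ";\n";
    }
    return $out;
}

// A generated config file should hold assignments only. Tokenize the
// output and report whether an echo statement appears in it.
function contains_echo(string $src): bool {
    foreach (token_get_all($src) as $tok) {
        if (is_array($tok) && $tok[0] === T_ECHO) {
            return true;
        }
    }
    return false;
}

// Constructed input: the Password value from the advisory's PoC.
$opts = ['password' => '12345"; echo "PHP Code"; $aaa="'];

$unsafe = render_vars_unsafe($opts);
$safe   = render_vars_safe($opts);

echo $unsafe, "\n", $safe, "\n";
var_dump(contains_echo($unsafe)); // did the input turn into a statement?
var_dump(contains_echo($safe));   // same check on the hardened output
```

Storing options in a data format such as JSON and reading them with `json_decode()` avoids generating PHP source from user input altogether.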

Vulners AI Score: 7.4 (High risk)