3 matches found
CVE-2012-10037
PhpTax 0.8 is affected by a remote code execution in drawimage.php. The pfilez GET parameter is passed directly to exec() without sanitization, allowing an attacker to inject arbitrary shell commands and execute code in the web server context without authentication. Multiple sources (NVD, Red Hat...
PhpTax 0.8 - File Manipulation 'newvalue' / Remote Code Execution
,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : PhpTax File Manipulationnewvalue,field Remote Code...
PhpTax pfilez Parameter Exec Remote Code Injection
This module exploits a vulnerability found in PhpTax, an income tax report generator. When generating a PDF, the icondrawpng function in drawimage.php does not properly handle the pfilez parameter, which will be used in an exec statement, and then results in arbitrary remote code execution under...