AllMyGuests 0.x - Arbitrary Code Execution

ID SSV:77447
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Reportedly the AllMyPHP application AllMyGuests is prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'require_once()' call.

This issue may allow a remote attacker to execute arbitrary commands on the affected system with the privileges of the web server. Other attacks may be possible as well.[cfg_serverpath]=' will contain: