PHP Net Tools Nettools.PHPArbitrary Shell Command Execution Vulnerability

Bugtraq ID:	17601
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 19 2006 12:00AM
Updated:	Apr 19 2006 10:06PM
Credit:	FOX_MULDER is credited with the discovery of this vulnerability.
Vulnerable:	PHP Net Tools PHP Net Tools 2.7.1
Not Vulnerable:

PHP Net Tools Nettools.PHPArbitrary Shell Command Execution Vulnerability

PHP Net Tools is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary shell commands on the vulnerable computer in the context of the webserver process.

This issue affects PHP Net Tools version 2.7.1; other versions may also be vulnerable.

PHP Net Tools Nettools.PHPArbitrary Shell Command Execution Vulnerability

This issue can be exploited through a web client.

The following exploit is available:

• /data/vulnerabilities/exploits/PHPNetTools-rce.pl

PHP Net Tools Nettools.PHPArbitrary Shell Command Execution Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

PHP Net Tools Nettools.PHPArbitrary Shell Command Execution Vulnerability

References:

• PHP Net Tools Homepage (PHP Net Tools)