vendor:
by:
ThE dE@Th
7.5
CVSS
HIGH
Code Execution
94
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Code Execution Vulnerability in index.php
The vulnerability allows an attacker to execute arbitrary code on the server by exploiting a parameter in the index.php file. The attacker can provide a malicious value for the 'rootpath' parameter, which is not properly validated or sanitized, allowing for remote code execution.
Mitigation:
To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques on the 'rootpath' parameter. Additionally, ensure that the server is running the latest patched version of the software.