PHPX Multiple Administrator Command Execution Vulnerabilities

vendor:

PHPX

by:

Unknown

7.5

CVSS

HIGH

Command Execution

CWE

Product Name: PHPX

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

PHPX Multiple Administrator Command Execution Vulnerabilities

PHPX is affected by multiple administrator command execution vulnerabilities. These issues allow a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, leading to the execution of attacker-supplied commands with administrator privileges.

Mitigation:

It is recommended to update to a patched version of PHPX or apply necessary security measures to prevent unauthorized access to administrative commands.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10284/info

It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands.

This issue could permit a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, which includes hostile HTML and script code. If an unsuspecting forum administrator activated this URI, the attacker-supplied command would be carried out with the administrator's privileges. This would occur in the security context of the affected web site and would cause various administrator actions to be taken.

http://www.example.com/admin/page.php?action=delete&page_id=[VID]