Vendor: exV2
By: retrog
CVSS: 7.5 (HIGH)
Remote command execution
CWE
Product Name: exV2
Affected Version From: exV2 <= 2.0.4.3
Affected Version To: exV2 <= 2.0.4.3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
exV2 <= 2.0.4.3 extract() remote commands execution exploit
This exploit allows an attacker to execute remote commands on a target server running the exV2 software. It works regardless of the php.ini settings and has two different exploit methods, one for register_globals=on and one for register_globals=off.
Mitigation:
Update to a patched version of exV2 software.