header-logo
Suggest Exploit
vendor:
PHPX
by:
Unknown
7.5
CVSS
HIGH
Command Execution
CWE
Product Name: PHPX
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

PHPX Multiple Administrator Command Execution Vulnerabilities

PHPX is affected by multiple administrator command execution vulnerabilities. These issues allow a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, leading to the execution of attacker-supplied commands with administrator privileges.

Mitigation:

It is recommended to update to a patched version of PHPX or apply necessary security measures to prevent unauthorized access to administrative commands.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10284/info

It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands.

This issue could permit a remote attacker to create a malicious URI link or embed a malicious URI between bbCode image tags, which includes hostile HTML and script code. If an unsuspecting forum administrator activated this URI, the attacker-supplied command would be carried out with the administrator's privileges. This would occur in the security context of the affected web site and would cause various administrator actions to be taken.

http://www.example.com/admin/page.php?action=delete&page_id=[VID]