| VID | 21285 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The PHP Ping program allows a remote attacker to execute arbitrary commands. PHP Ping is a freely available French Web-based ping utility written in PHP. Versions 0.1 and earlier contain a vulnerability, caused by improper filtering of shell metacharacters by the PHPing() function, that allows a remote attacker to execute commands on the system. By sending a specially crafted URL request with shell metacharacters embedded in a PHP parameter value, a remote attacker can execute arbitrary commands on the system once the request is processed.
* References: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0112.html
* Platforms Affected: PHP Group PHP Ping 0.1 and earlier; Microsoft Windows, any version |
| Recommendation | No upgrade or patch available as of June 2014. As a workaround, an unofficial patch was provided by Gregory Le Bras. For more details, see the following site: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0112.html |
| Related URL | (CVE) |
| Related URL | 7030 (SecurityFocus) |
| Related URL | 11400 (ISS) |