iWare Professional Remote Code Execution Vulnerability

info
discussion
exploit
solution
references

iWare Professional Remote Code Execution Vulnerability

An exploit is not required.

The following proof of concept is available:

http://www.example.com/[path]/admin/mods/simplechat_1.0.0/chat_panel.php?talk=1&msg=[evilcode]