PhpSmsSend Remote Shell Command Execution Vulnerability

PhpSmsSend Remote Shell Command Execution Vulnerability

PhpSmsSend is a front end to the SmsSend program, and allows users to send SMS messages through a web interface. SmsSend is available for Linux and Microsoft Windows.

PhpSmsSend does not properly validate user supplied input which is passed to a shell command. It is possible to execute arbitrary shell commands as the web server, generally user 'nobody'. This may lead to local access to the vulnerable system.