PHPShop Remote PHP Script Execution Vulnerability

Reportedly, phpShop is affected by a remote PHP script execution vulnerability. This issue is due to improper validation of user-supplied variables passed to the application via URI, POST or COOKIE parameters.

This issue is present whether or not the PHP Apache module is configured with 'register_globals' turned off or on.

This issue would allow an attacker to execute arbitrary PHP scripts on an affected host and to issue commands to the underlying operating system with the privileges of the web server.


 

Copyright 2010, SecurityFocus