BXCP Index.PHP Input Validation PHP Script Execution Vulnerability

BXCP is reported prone to an access restriction bypass vulnerability. It is reported that, due to a lack of input sanitization, the 'show' URI parameter passed to the 'index.php' script can be used to render any PHP script that resides on a vulnerable computer.

A remote attacker may exploit this vulnerability to render PHP scripts that are supposed to be restricted.

The vulnerability may also be exploited by an attacker who has local access to a target computer to run arbitrary PHP code with the privileges of the web server process.
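A hardened way for a front controller to handle a 'show'-style parameter is sketched below. This is an added example, not BXCP's own code: the page names, the `pages` directory and the `resolve_page()` helper are hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical page map: the only scripts index.php may render, keyed by
// the public 'show' value. Names and paths are constructed for illustration.
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = [
    'news'  => 'news.php',
    'forum' => 'forum.php',
    'about' => 'about.php',
];

/**
 * Resolve a request's 'show' value to a file that may be included,
 * or return null when the value is not an allowed page.
 */
function resolve_page(mixed $show): ?string
{
    // Reject arrays (?show[]=x) and any value that is not a key of the map.
    if (!is_string($show) || !array_key_exists($show, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . ALLOWED_PAGES[$show]);
    // Defense in depth: the resolved file must exist inside PAGES_DIR,
    // even if the map is edited carelessly or a symlink is planted later.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['show'] ?? 'news');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
// Only a path taken from the map reaches require; request data never does.
require $page;
```

Scripts that are meant to be restricted are simply absent from the map, so no 'show' value can select them. Files written by a local user outside the `pages` directory cannot be selected either.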


 

Copyright 2010, SecurityFocus