Network Tool PHPNuke Addon Metacharacter Filtering Command Execution Vulnerability

From the advisory posted to Bugtraq by Cabezon Aurélien <aurelien.cabezon@isecurelabs.com>:

Asking the PHP script for pinging, Nmap, or traceroute with this kind of address
<www.somehost.com;ls -al> will allow any user to run the "ls -al" command as whatever user runs the web server.
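
The fix for this class of bug is to validate the host before it reaches the command line and to run the tool without a shell. The following is an added example, not code from the addon or the advisory; the function names `validate_target` and `run_ping`, the sample inputs, and the assumption that `ping` is on the web server's PATH are all hypothetical.

```php
<?php
// Added example with hypothetical names; not the addon's code.
// Generic unsafe pattern: shell_exec('ping -c 1 ' . $_GET['host']);

/**
 * Return the host if it is a literal IP address or a syntactically valid
 * DNS hostname, otherwise null. Names may contain only [A-Za-z0-9.-], so
 * shell metacharacters (; | & ` $ and spaces) can never pass.
 */
function validate_target(string $input): ?string
{
    $host = trim($input);
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return $host;
    }
    // Each label starts and ends with an alphanumeric, so a leading '-'
    // (which the tool would read as an option) is rejected as well.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    $regex = '/\A' . $label . '(?:\.' . $label . ')*\z/';
    return (strlen($host) <= 253 && preg_match($regex, $host) === 1) ? $host : null;
}

/** Ping a validated host once and return the exit status and output. */
function run_ping(string $input): array
{
    $host = validate_target($input);
    if ($host === null) {
        return ['ok' => false, 'output' => 'invalid host'];
    }
    // Array form of proc_open (PHP >= 7.4) executes the binary directly,
    // with no shell in between, so nothing interprets metacharacters.
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ping', '-c', '1', $host], $spec, $pipes);
    if (!is_resource($proc)) {
        return ['ok' => false, 'output' => 'could not start ping'];
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['ok' => proc_close($proc) === 0, 'output' => $out];
}

// Constructed sample inputs; the third is the string from the advisory.
$samples = ['www.somehost.com', '192.0.2.10', 'www.somehost.com;ls -al', '-f example.com'];
foreach ($samples as $s) {
    printf("%-26s => %s\n", $s, validate_target($s) === null ? 'rejected' : 'accepted');
}
```

On PHP versions older than 7.4, where `proc_open` only takes a command string, wrap the validated value in `escapeshellarg()` as a second layer instead.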


 

Copyright 2010, SecurityFocus