PhpSmsSend Remote Shell Command Execution Vulnerability

PhpSmsSend is a front end to the SmsSend program, and allows users to send SMS messages through a web interface. SmsSend is available for Linux and Microsoft Windows.

PhpSmsSend does not properly validate user supplied input which is passed to a shell command. It is possible to execute arbitrary shell commands as the web server, generally user 'nobody'. This may lead to local access to the vulnerable system.


 

Privacy Statement
Copyright 2010, SecurityFocus