PHPNetToolpack Insecure Search Path Vulnerability

PHPNetToolpack provides a web interface for finger, whois and traceroute. It is written in PHP and will run on most Unix and Linux variants.

PHPNetToolpack does not use an absolute path when searching for the traceroute program. As a result, a local attacker may be able to trick PHPNetToolpack to execute arbitrary attacker-supplied code with the privileges of the webserver.


Privacy Statement
Copyright 2010, SecurityFocus