User Manual does not adequately validate user input, allowing attackers to execute arbitrary commands on the server.
Unix Manual (as known as manual.php) is a PHP script used to lookup and display man pages on the web. User Manual does not adequately filter user input before passing it to the shell, allowing attackers to submit and execute arbitrary commands on the server.
Remote attackers can execute arbitrary commands on the server with privileges of the web server process.
The CERT/CC is currently unaware of a practical solution to this problem.
Thanks to Florian Hobelsberger of BlueScreen for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
|Date First Published:||2002-09-26|
|Date Last Updated:||2002-09-26 22:02 UTC|