#7 PHPix Remote Arbitrary Command Execution Vulnerability

[Jerry Albro]

See http://www.securityfocus.com/bid/9458/discussion/

"It has been reported that PHPix is vulnerable to a
remote command execution vulnerability due to poor
handling of externally supplied data such as shell
metacharacters. This issue may allow unauthorized
access to the affected system with the privileges of
the web server hosting the vulnerable program."

I have verified the sample exploits do work.

[dude69]

Logged In: YES
user_id=523142

Well... since nobody cares about this problem - a short
comment from my side:

I guess dropping theese line into the index.php / phtml should
catch the most part of the scriptkiddies trying to get your
passwd-file mailed:

$mode = escapeshellcmd($mode);
$album = escapeshellcmd($album);
$pic = escapeshellcmd($pic);
$dispsize = escapeshellcmd($dispsize);

I would insert theese lines in the very upper beginning of the
files... right befor the include()'s

Greetz Valki