Synopsis :

The bibliography application hosted on the remote web server has a
command injection vulnerability.

Description :

Basilic, a bibliography server for research laboratories, has a
command injection vulnerability. Input to the file parameter of
diff.php is not properly sanitized. A remote, unauthenticated
attacker could exploit this to execute arbitrary shell commands.

See also :

http://archives.neohapsis.com/archives/bugtraq/2012-07/0002.html

Solution :

There is no known solution at this time.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true