op5 Portal Arbitrary Command Execution
Critical Nessus Plugin ID 57576
Synopsis
The remote web server hosts a PHP application that is vulnerable to arbitrary command execution.

Description
The version of op5 Config hosted on the remote web server is earlier than 1.6.2. As such, it contains a flaw in the 'license.php' script that allows a remote, unauthenticated attacker to run arbitrary commands with the privileges of the web user simply by enclosing them in backticks in the timestamp field.

Solution
Upgrade op5 Portal to version 1.6.2 or later.