Input passed via keys of the $_POST array to translate.php (when "mode" is set to "save") is not properly sanitized before being stored in a file into 'i18n' directory with a .php extension. This could allow authenticated users to inject and execute arbitrary PHP code.

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a fix in the SVN trunk to address this vulnerability. The vendor has stated that a fix will be included in version 3.66 when it is released.

Unknown or Incomplete

• Exploit Database: 18132
• CVE ID: 2011-4337 (see also: NVD)
• Secunia Advisory ID: 45983
• Bugtraq ID: 50742
• Related OSVDB ID: 79170
• Vendor Specific Advisory URL: http://bugs.sitracker.org/view.php?id=1737
• Mail List Post: http://seclists.org/oss-sec/2011/q4/375
• Other Advisory URL: http://www.openwall.com/lists/oss-security/2011/11/22/3

• EgiX