OSVDB ID: 86079

Title: SLAED CMS / OpenSlaed search.html word Parameter Arbitrary PHP Code Execution

Info

Dates

Disclosure: Sep 12, 2011
Discovery: Unknown
Exploit: Sep 12, 2011
Solution: Unknown

Description

SLAED CMS and OpenSlaed contain a flaw that is triggered when certain input passed via the 'word' parameter to the search.html script, or via the 'search' parameter to the index.html script, is not properly sanitized. This may allow a remote attacker to execute arbitrary PHP code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

SLAED

OpenSlaed 1.2
SLAED CMS 4.x

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/86079