Arbitrary PHP Code Execution Vulnerability in Domain Technologie Control (DTC)

CVE-2011-5273 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Directory traversal vulnerability in shared/package-installer in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the pkg parameter in a do_install action to dtc/.

Learn more about our User Device Pen Test.