Arbitrary Command Execution in Domain Technologie Control (DTC) Packager

Arbitrary Command Execution in Domain Technologie Control (DTC) Packager

CVE-2011-5274 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.

Learn more about our Web Application Penetration Testing UK.