Full title: IBM 1754 GCM16 1.18.0.22011 Command Execution Vulnerability 
Category: remote exploits
Platform: windows
IBM 1754 GCM16 versions 1.18.0.22011 and below contain a flaw that allows a remote authenticated user to execute unauthorized commands as root. This flaw exist because webapp variables are not sanitized. In this case, parameters $count and $size from ping.php allow to create a special crafted URL to inject text to an exec() so it can be arbitrary used to execute any command on the KVM embedded linux.

# 0day.today @ http://0day.today/