Full title: Klog Server 2.4.1 Command Injection Exploit 
Category: web applications
Platform: php
This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.

# 0day.today @ http://0day.today/