backup.php in PHPCompta/NOALYSS prior to 6.7.2 allows remote malicious users to execute arbitrary commands via shell metacharacters in the d parameter.
Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS
CVE: CVE-2014-6389
Vendor: PHPCompta
Product: PHPCompta/NOALYSS
Affected version: 671 5638
Fixed version: 672
Reported by: Jerzy Kramarz
Details:
PhpCompta 671-2 does not validate the syntax of the commands when processing backup requests from users It is possible to abuse ...