Multiple command injection vulnerabilities exist in openWB version 1.7 and older. Each allows an unauthenticated user to execute arbitrary OS commands on the host. In the default configuration of openWB, commands can be executed with root privileges.
/tmp/haxhas been created on the server, containing the output of
Unsanitized user input is passed to
system() at callback_lp.php:4, callback_lp1.php:4 and callback_lp2.php:4.
An unauthorized user is able to execute arbitrary OS commands.
In the default openWB configuration, the
www-data user is given unconstrained sudo access. For this reason, any command can trivially be executed with root privileges.
Sanitize the user input using a function such as
escapeshellargs() before passing it to