CVE-2008-0148 Information

Description

TUTOS 1.3 does not restrict access to php/admin/cmd.php which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.

Reference

http://secunia.com/advisories/28291 https://exchange.xforce.ibmcloud.com/vulnerabilities/39531 https://www.exploit-db.com/exploits/4861