2010/4/18 MustLive <mustlive@xxxxxxxxxxxxxxxxxx>: > > Command Execution: > > It's possible to upload arbitrary files (shell upload) via module “Banner > system” in admin panel. > This is not a command execution vulnerability but an arbitrary file upload vulnerability with very very low risk (you need to know the access to the control panel). Many web hosting provider doesn't allow an user to execute commands using the classic functions, such as system, shell_execute and others. -- Salvatore Fresta aka Drosophila http://www.salvatorefresta.net CWNP444351
