CVE-2007-6459

Name of the Vulnerable Software and Affected Versions Anon Proxy Server versions 0.100 through 0.101

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to "diagdns.php" and the host parameter, and possibly the port parameter to "diagconnect.php".

Recommendations For Anon Proxy Server versions 0.100 through 0.101, consider disabling access to the diagdns.php and diagconnect.php scripts until a patch is available. Restrict input for the host and port parameters in these scripts to prevent command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.