CVE-2008-0148

Name of the Vulnerable Software and Affected Versions TUTOS version 1.3

Description The issue allows remote attackers to execute arbitrary shell commands. This is possible due to a lack of access restriction to the "php/admin/cmd.php" endpoint, where attackers can exploit the cmd parameter in a direct request to execute shell commands.

Recommendations For TUTOS version 1.3, restrict access to the "php/admin/cmd.php" endpoint to prevent unauthorized execution of shell commands. As a temporary workaround, consider restricting the use of the cmd parameter in this endpoint until a more permanent fix is available.