PHP · php-exec-dir · CVE-2004-2692
**Name of the Vulnerable Software and Affected Versions**
php-exec-dir versions 4.3.2 through 4.3.7
**Description**
The issue allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator. This is possible because the backtick operator is not handled using the `php_escape_shell_cmd` function. The estimated number of potentially affected devices worldwide is not available.
**Recommendations**
For php-exec-dir versions 4.3.2 through 4.3.7, consider enabling safe mode to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the backtick operator until a patch is available.
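To apply the temporary workaround, an administrator first needs to know where the backtick operator is used in deployed code. The script below is an added example, not part of the advisory or of the php-exec-dir patch; the function name `find_shell_operators` and the sample source are constructed for illustration.

```php
<?php
// Added example: report each use of the backtick operator and of shell_exec(),
// which the PHP manual documents as identical to it. PHP's own tokenizer is
// used so backticks inside strings, comments and inline HTML are not reported.
function find_shell_operators(string $source): array
{
    $nameIds = [T_STRING];
    if (defined('T_NAME_FULLY_QUALIFIED')) {      // PHP 8: "\shell_exec" is one token
        $nameIds[] = T_NAME_FULLY_QUALIFIED;
    }
    $hits = [];
    $line = 1;
    $open = false;                                // true while inside `...`
    foreach (token_get_all($source) as $token) {
        if (is_array($token)) {
            [$id, $text, $line] = $token;
            if (!$open && in_array($id, $nameIds, true)
                && strcasecmp(ltrim($text, '\\'), 'shell_exec') === 0) {
                $hits[] = ['line' => $line, 'kind' => 'shell_exec()'];
            }
            $line += substr_count($text, "\n");   // single-char tokens carry no line
        } elseif ($token === '`') {
            if (!$open) {                         // report the opening backtick only
                $hits[] = ['line' => $line, 'kind' => 'backtick operator'];
            }
            $open = !$open;
        }
    }
    return $hits;
}

// Constructed sample input, used when no file paths are given as arguments.
$sample = <<<'SRC'
<?php
$note = 'a `quoted` word';      // backticks inside a string: ignored
// `ignored` inside a comment
$out = `ls -l $dir`;
$ver = shell_exec('uname -a');
SRC;

$paths = array_slice($argv ?? [], 1);
$inputs = $paths ? array_combine($paths, array_map('file_get_contents', $paths))
                 : ['(sample)' => $sample];
foreach ($inputs as $name => $src) {
    foreach (find_shell_operators((string) $src) as $hit) {
        echo "$name:{$hit['line']}: {$hit['kind']}\n";
    }
}
```

The check over-approximates slightly: a method that happens to be named `shell_exec` is also reported, so each hit needs a manual look.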