CVE-2011-5274

Name of the Vulnerable Software and Affected Versions Domain Technologie Control (DTC) versions prior to 0.32.11

Description The issue allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters into the dtcpkg directory parameter in a do install action to dtc/.

Recommendations For versions prior to 0.32.11, update to version 0.32.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the drawAdminTools PackageInstaller function in shared/inc/forms/packager.php to minimize the risk of exploitation. Avoid using the dtcpkg directory parameter in the affected do install action to dtc/ until the issue is resolved.