CVE-2015-10009

Name of the Vulnerable Software and Affected Versions nterchange versions up to 4.1.0

Description A critical issue affects the function getContent of the file app/controllers/code caller controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue.

Recommendations For nterchange versions up to 4.1.0, upgrade to version 4.1.1 to address the issue. As a temporary workaround, consider restricting the input for the argument q to prevent code injection.