Article Source Debian Security Advisories
December 11, 2009, 4:00 pm
December 11, 2009, 4:00 pm
It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments (no CVE yet) or execute arbitrary commands (CVE-2009-4024) on a system that uses php-net-ping…