Description
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Michael Brooks · text · webapps · php
https://www.exploit-db.com/exploits/4734
References (6)
Core References
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/485151/100/0/threaded
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/43711
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/43712
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/26882
Third Party Advisory (third-party-advisory, x_refsource_sreason): http://securityreason.com/securityalert/3463
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/4734
Scores
EPSS: 0.0530
EPSS Percentile: 90.1%
Details
CWE: CWE-94
Status: published
Products (1): anon_proxy_server/anon_proxy_server 0.100
Published: Dec 20, 2007
Tracked Since: Feb 18, 2026