CVE-2011-5274
The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.
Date published : 2014-03-20
http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=541d8457a6989a1a925bb866ed972a5f07c2de64