A vulnerability has been identified in IDMOS, which could be exploited by remote attackers to compromise a vulnerable web server. This issue is caused by an input validation error in the "core/aural.php" script when processing the "site_absolute_path" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
Note : Other input validation errors have been identified in the "error.php" and "templates/simple/ia.php" scripts when processing the "err_msg" and "content" parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
Vulnerable Products
Vulnerable Software: IDMOS (Phoenix) version 1.0 beta and prior
