IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution

IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution

This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The ‘welcomeServer’ SOAP service does not properly validate user input in the ‘new_home_page’ parameter of the ‘saveHomePage’ method allowing arbitrary PHP code to be written to the config.php file. The config.php […]

The post IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution appeared first on MondoUnix.