showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter.
The 'xml2owl' program is prone to a vulnerability that allows attackers to execute arbitrary PHP commands. An attacker may leverage this issue to run arbitrary PHP commands with the privileges of the server process. This can compromise the application and possibly the underlying server. This issue affects xml2owl 0.1.1; other versions may be vulnerable as well.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: email@example.com.
An attacker can exploit this vulnerability with a browser. The following proof of concept is available:

http://www.example.com/showCode.php?path=;uname -a
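
With no vendor patch available, one way to harden a handler of this kind is shown below as an added example, not xml2owl's own code. The advisory does not show the source of showCode.php, so the handler's purpose (displaying a file named by path) and the names BASE_DIR, ALLOWED_EXT and resolve_requested_path() are assumptions. The parameter is validated and the file is read inside PHP, so no request value reaches a shell.

```php
<?php
// Added example: hypothetical hardened handler for a "show source" page.
// BASE_DIR, ALLOWED_EXT and resolve_requested_path() are invented for this
// illustration; they do not come from the xml2owl code base.
declare(strict_types=1);

const BASE_DIR = '/var/www/xml2owl/examples';  // assumed directory of viewable files
const ALLOWED_EXT = ['xml', 'owl', 'xsl'];     // assumed set of viewable file types

function resolve_requested_path(string $requested, string $baseDir = BASE_DIR): ?string
{
    // Accept only a conservative filename alphabet. This rejects NUL bytes,
    // whitespace and shell metacharacters such as ; | & ` $ ( ) < >.
    if (!preg_match('#^[A-Za-z0-9_./-]+$#', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // realpath() has resolved "../" and symlinks; the result must stay under base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($full, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true) ? $full : null;
}

// Request handling runs only under a web SAPI, not when included from the CLI.
if (PHP_SAPI !== 'cli') {
    $raw  = $_GET['path'] ?? '';
    // path[]=... arrives as an array; treat anything that is not a string as invalid.
    $file = is_string($raw) ? resolve_requested_path($raw) : null;
    if ($file === null) {
        http_response_code(400);
        exit('Invalid path');
    }
    header('Content-Type: text/html; charset=utf-8');
    // Read the file with PHP itself and escape it for HTML output.
    $source = (string) file_get_contents($file);
    echo '<pre>', htmlspecialchars($source, ENT_QUOTES, 'UTF-8'), '</pre>';
}
```

A value such as the one in the proof of concept fails the first check because of the semicolon and the space, and the request ends with a 400 response.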