Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Dogfood CRM Remote Command Execution Vulnerability in spell.php

Vulnerability

A remote command execution vulnerability has been identified in Dogfood CRM version 2.0.10. The flaw is in spell.php, part of the application's mail subsystem. The script takes the value of the data parameter from a POST request and passes it into a shell command without sanitizing or escaping it, so an attacker who can reach spell.php can inject arbitrary shell commands, which then run with the privileges of the web server process. No authentication is required to exploit the vulnerability.
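The following Python example is added here to illustrate the flaw class described above; it is not the Dogfood CRM spell.php code and does not reproduce it. A `tr` pipeline stands in for the spell-checker command (an assumption for illustration), but the mechanism is the same: the vulnerable variant splices the POST data value into a shell command string, while the hardened variant passes a fixed argument vector and feeds the user text on stdin so no shell ever parses it. In PHP the equivalent fix is to avoid exec()/shell_exec() with user data entirely, or at minimum wrap the value in escapeshellarg().

```python
import subprocess


def spellcheck_vulnerable(data: str) -> str:
    """Flawed pattern: user-controlled 'data' is concatenated into a shell string.
    `tr` stands in for the spell-checker pipeline (assumption); the real spell.php
    source is not reproduced here."""
    cmd = 'printf %s "' + data + '" | tr a-z A-Z'
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def spellcheck_hardened(data: str) -> str:
    """Same pipeline without a shell: fixed argv, user text delivered on stdin.
    Nothing in 'data' is ever interpreted as shell syntax."""
    return subprocess.run(["tr", "a-z", "A-Z"], input=data,
                          capture_output=True, text=True).stdout


# Constructed payload: closes the double-quoted string, runs an attacker-chosen
# command, then reopens the quote so the remainder of the command still parses.
PAYLOAD = 'hello"; echo pwned; echo "'


def demo() -> dict:
    """Run both variants on the constructed payload and return their stdout."""
    return {
        "vulnerable": spellcheck_vulnerable(PAYLOAD),
        "hardened": spellcheck_hardened(PAYLOAD),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: {out!r}")
```

The vulnerable variant prints `pwned` on its own line because the shell ran `echo pwned` as a second command; the hardened variant simply uppercases the whole payload, quotes and semicolons included, because `tr` only ever sees it as text.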

Impact

Exploitation gives a remote, unauthenticated attacker arbitrary command execution on the server as the web server user. Depending on the host's configuration and what that account can reach, this can lead to full system compromise.

Reproduction

To reproduce this vulnerability, send a POST request to spell.php with shell commands injected into the data parameter. Character restrictions on the injected input can break many payloads; the double-reverse telnet payload works within those restrictions and is therefore the most reliable choice for this vulnerability.
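Because the trigger is a POST body rather than a URL, standard access logs will not show it; you need a WAF, a reverse proxy with request-body logging, or captured traffic. The Python check below is an added example (not part of this advisory or of Dogfood CRM) that scans request records for the pattern described above: a POST to a path ending in spell.php whose data parameter contains shell metacharacters. The request records are constructed samples, and the /mail/ path prefix is an assumption; the check is deliberately high-recall, since ordinary text submitted for spell checking can contain quotes or semicolons, so treat hits as leads to review rather than confirmed exploitation.

```python
from urllib.parse import parse_qs

# Characters that let input break out of a quoted shell string or chain a second
# command. Heuristic: tune to the traffic source feeding this check.
SHELL_META = set(';&|`$(){}<>"\'\n\r')


def is_spell_injection(method: str, path: str, body: str) -> bool:
    """True for a POST to spell.php whose 'data' value carries shell metacharacters.
    parse_qs URL-decodes the body, so %3B (';') and %22 ('"') are caught as well."""
    if method.upper() != "POST":
        return False
    if not path.split("?", 1)[0].endswith("spell.php"):
        return False
    params = parse_qs(body, keep_blank_values=True)
    return any(any(c in SHELL_META for c in value) for value in params.get("data", []))


# Constructed request records (method, path, urlencoded body); not real traffic.
REQUESTS = [
    {"method": "POST", "path": "/mail/spell.php",
     "body": "data=Plese+chekc+this+sentense"},
    {"method": "POST", "path": "/mail/spell.php",
     "body": "data=x%22%3B+id+%3E+%2Ftmp%2Fo%3B+echo+%22"},
    {"method": "GET", "path": "/mail/spell.php", "body": ""},
    {"method": "POST", "path": "/mail/index.php", "body": "data=%3B+id"},
]


def flag_requests(requests) -> list:
    """Return the indexes of records that look like spell.php command injection."""
    return [i for i, r in enumerate(requests)
            if is_spell_injection(r["method"], r["path"], r["body"])]


if __name__ == "__main__":
    for i in flag_requests(REQUESTS):
        print(f"suspicious request #{i}: {REQUESTS[i]['body']}")
```

Only the second record is flagged: it decodes to `x"; id > /tmp/o; echo "`, which closes the quoted string and chains a command. The GET request and the POST to a different script are ignored by design, so the check stays focused on the vulnerable endpoint.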

Added: Aug 30, 2025, 2:33 PM
Updated: Aug 30, 2025, 2:33 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact         10.0
exploitability  9.1
remediation     0.0
relevance       0.4
threat          9.3
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.