Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
PhpTax Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability exists in PhpTax version 0.8 within the drawimage.php file. The issue arises because the pfilez GET parameter is passed to the exec() function without proper sanitization. This flaw allows remote attackers to inject arbitrary shell commands, executing them in the context of the web server. Exploitation of this vulnerability does not require authentication.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server where PhpTax is hosted, under the web server's user privileges.
Reproduction
To reproduce this vulnerability, send a GET request to the drawimage.php script with the pfilez parameter set to a crafted value that includes injected commands, such as a reverse shell payload. The pdf parameter should be set to 'make' to trigger the execution. This can be done using a tool like Metasploit, which has a module available for this specific vulnerability.
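For detection, the request shape described above (drawimage.php, a pfilez value, optionally pdf=make) can be searched for in web server access logs. The following is an added example, not code from PhpTax or from this advisory; the combined log format, the sample lines and the assumption that a legitimate pfilez value is a plain file name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate pfilez value is a plain file name.
SAFE_PFILEZ = re.compile(r"[A-Za-z0-9._-]+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return None for benign or unrelated lines, else a finding dict."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/drawimage.php"):
        return None
    # parse_qs percent-decodes values, so encoded metacharacters are visible.
    # separator="&" keeps a raw ';' inside the value instead of splitting on it.
    params = parse_qs(url.query, keep_blank_values=True, separator="&")
    bad = [v for v in params.get("pfilez", []) if not SAFE_PFILEZ.fullmatch(v)]
    if not bad:
        return None
    return {
        "client": log_line.split(" ", 1)[0],
        "pfilez": bad[0],
        # pdf=make is the value the advisory says triggers execution.
        "triggers_exec": "make" in params.get("pdf", []),
    }

# Constructed sample log lines (documentation addresses, harmless marker text).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /phptax/drawimage.php?pfilez=1040pg1.tob&pdf=make HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /phptax/drawimage.php?pfilez=x%3Becho%20MARKER%3B&pdf=make HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /phptax/drawimage.php?pfilez=x%7Cecho%20MARKER HTTP/1.1" 200 0',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /phptax/index.php HTTP/1.1" 200 2048',
]

def scan(lines):
    """Return findings for every line that carries an unsafe pfilez value."""
    return [f for f in map(classify, lines) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with triggers_exec set to True match the full request shape from the reproduction notes and deserve priority during triage.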
