Fujian Kelixun Command and Dispatch Management Platform OS Command Injection Vulnerability

Vulnerability

A critical OS command injection vulnerability has been identified in the Fujian Kelixun Command and Dispatch Management Platform version 1.0, in the file '/app/fax/fax_view.php'. The 'fax_file' parameter is not adequately validated, so an attacker can inject system commands that the server executes without proper sanitization. Successful exploitation gives the attacker unauthorized control over the target server and can lead to a complete compromise of the system.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary commands on the server, gaining unauthorized access to the operating system. This could result in unauthorized control over the system, leakage or manipulation of sensitive data, disruption of services, and a serious overall threat to system security and business operations.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/app/fax/fax_view.php' with a crafted 'fax_file' parameter that includes injected commands. The injected commands are executed on the server, demonstrating the command injection flaw.
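
A virtual-patch check that a reverse proxy or WAF hook could apply in front of the endpoint described above, as an added example that is not code from the platform or from this advisory. It assumes legitimate 'fax_file' values are bare file names and that request bodies are form-encoded; the function names, the file-name pattern and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/app/fax/fax_view.php"  # endpoint named in the advisory
PARAM = "fax_file"                     # parameter named in the advisory
# Assumption: legitimate values are bare file names, e.g. "20250609_0001.tif".
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*(\.[A-Za-z0-9]{1,8})?")
FORM = "application/x-www-form-urlencoded"


def php_name(key):
    """Approximate PHP's request-variable naming: leading spaces are dropped,
    dots and spaces become underscores, and "[...]" marks an array element."""
    return key.lstrip(" ").split("[", 1)[0].replace(".", "_").replace(" ", "_")


def check_request(method, url, content_type, body):
    """Return (allowed, reason) for one request seen at a reverse proxy."""
    parts = urlsplit(url)
    path = re.sub(r"/+", "/", unquote(parts.path)).lower()
    if not path.startswith(TARGET_PATH):
        return True, "other endpoint"
    pairs = parse_qsl(parts.query, keep_blank_values=True, separator="&")
    if body:
        ctype = (content_type or "").split(";")[0].strip().lower()
        if method.upper() != "POST" or ctype != FORM:
            return False, "body not inspectable"  # fail closed on this endpoint
        pairs += parse_qsl(body, keep_blank_values=True, separator="&")
    hits = [(k, v) for k, v in pairs if php_name(k) == PARAM]
    if not hits:
        return True, "parameter absent"
    if len(hits) > 1 or hits[0][0] != PARAM:
        return False, "ambiguous parameter"  # duplicates, arrays, mangled names
    value = hits[0][1]
    if len(value) > 128 or not SAFE_NAME.fullmatch(value):
        return False, "value is not a bare file name"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        ("POST", TARGET_PATH, FORM, "fax_file=20250609_0001.tif"),
        ("POST", TARGET_PATH, FORM, "fax_file=report.tif%3B+id"),
        ("POST", TARGET_PATH, FORM, "fax_file=a.tif&fax_file=b.tif"),
    ]
    for sample in samples:
        print(sample[3], "->", check_request(*sample))
```

A filter of this kind only narrows exposure; the handler itself still has to validate the parameter and avoid passing it to a shell.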

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.