Bug #6474

Updated by Jim Pingle almost 8 years ago

Command injection is possible using the id parameter on pkg_mgr_install.php:

<pre>
http://ip/pkg_mgr_install.php?id=firmware`/path/to/some/command`
</pre>

 Renato fixed it yesterday, adding this for tracking purposes.
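
A log check for the request pattern reported above, added here as an example; it is not part of the ticket or of pfSense. It assumes combined-format web server access logs and that a legitimate `id` value is a plain name made of letters, digits, dot, underscore and hyphen; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/pkg_mgr_install.php"            # script named in the ticket
SAFE_ID = re.compile(r"[A-Za-z0-9._-]+")        # assumption: shape of a valid id
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (documentation IP range, made-up times).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /pkg_mgr_install.php?id=firmware HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /pkg_mgr_install.php?id=firmware%60/path/to/some/command%60 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /pkg_mgr_install.php?id=firmware`/path/to/some/command` HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /index.php?id=a%60b%60 HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] '
    '"GET /pkg_mgr_install.php?mode=showlog HTTP/1.1" 200 512',
]


def suspicious_ids(lines):
    """Return (line_number, decoded_id) for requests to TARGET_PATH whose
    id parameter is not a plain name after one round of URL decoding."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes once, so %60 becomes a backtick and a
        # double-encoded %2560 becomes %60, which the allow-list also rejects.
        for value in parse_qs(url.query).get("id", []):
            if not SAFE_ID.fullmatch(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_ids(SAMPLE_LOG):
        print(f"line {number}: unexpected id value {value!r}")
```

The allow-list is matched against the decoded value, so the same check flags other shell metacharacters in `id`, not only backticks.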
