VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Mar 21, 2014· Updated May 6, 2026

CVE-2011-5274

CVE-2011-5274

Description

The drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the dtcpkg_directory parameter in a do_install action to dtc/.

Affected products

34
  • Gplhost/Domain Technologie Control34 versions
    cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*+ 33 more
    • cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*range: <=0.32.7
    • cpe:2.3:a:gplhost:domain_technologie_control:0.24.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.25.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.25.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.25.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.28.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.28.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.28.9:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.29.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.29.14:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.29.15:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.29.16:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.29.17:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.29.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.29.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.30.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.30.18:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.30.20:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.30.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.30.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.32.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.32.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.32.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.32.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.32.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gplhost:domain_technologie_control:0.32.6:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.