Nondeterministic Postrequisite Metaprotocol
Severity: critical

Command Injection

buttle

Overview

All versions of buttle are vulnerable to command injection. Remote command execution is possible when buttle is run with the --php-bin flag.

Remediation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time.

Resources

Advisory timeline

  1. published

    Advisory published
    May 16th, 2018
  2. reported

    May 16th, 2018