[ale] [Fwd: [FD] Western Digital My Cloud vulnerable to multiple command injection vulnerabilities]

Alex Carver agcarver+ale at acarver.net
Tue Mar 7 11:57:50 EST 2017


On 2017-03-07 08:39, Chris Fowler wrote:
> PHP on the device eh?  I would assume they should be expecting to fix hacks 
> every week.....
> 


It's not PHP itself, it's WD's poor scripting.  Any language would have
been vulnerable given what they did in the example snippets provided.
They simply didn't bother to sanitize any inputs and passed them on to
the popen() and system() calls.
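
The failure described above, as an added example that is not part of the original message and is not WD's code. It is written in Python rather than PHP to show the pattern is language-independent; the function names, the `user=` command and the hostile input are constructed for illustration.

```python
import re
import subprocess

# Constructed sample input: a "username" field carrying a shell metacharacter.
HOSTILE = "alice; echo INJECTED"

# Assumed policy for this example: short names from a fixed character set.
_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def run_unsafe(name: str) -> str:
    """Vulnerable pattern: untrusted text concatenated into a shell command
    line, the same shape as a concatenated string given to system()/popen()."""
    return subprocess.run("echo user=" + name, shell=True,
                          capture_output=True, text=True).stdout


def run_argv(name: str) -> str:
    """No shell involved: the value is one argv element, so ';' is only a
    character in the argument and never starts a second command."""
    return subprocess.run(["echo", "user=" + name],
                          capture_output=True, text=True).stdout


def run_validated(name: str) -> str:
    """Allowlist validation first, then the shell-free call."""
    if not _NAME_RE.fullmatch(name):
        raise ValueError("rejected input")
    return run_argv(name)


if __name__ == "__main__":
    print("unsafe   :", repr(run_unsafe(HOSTILE)))
    print("argv     :", repr(run_argv(HOSTILE)))
    try:
        run_validated(HOSTILE)
    except ValueError as exc:
        print("validated:", exc)
```

In PHP the equivalent fixes are validating the value against an allowlist and quoting it with `escapeshellarg()` when a shell command line cannot be avoided.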

