BasiliX Arbitrary Command Execution Vulnerability

Summary
The remote web server contains a PHP script that is prone to arbitrary command execution.
Description
The remote host appears to be running a version of BasiliX between 1.0.2beta and 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, so a remote attacker can pass a specially crafted value for the 'username' parameter containing arbitrary commands, which are then executed on the target with the permissions of the web server.
Solution
Upgrade to BasiliX version 1.1.0 or later.