CVE-2015-10009 – nterchange code_caller_controller.php getContent code injection

https://notcve.org/view.php?id=CVE-2015-10009

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. • https://github.com/nonfiction/nterchange_backend/commit/fba7d89176fba8fe289edd58835fe45080797d99 https://github.com/nonfiction/nterchange_backend/releases/tag/4.1.1 https://vuldb.com/?ctiid.217187 https://vuldb.com/?id.217187 • CWE-94: Improper Control of Generation of Code ('Code Injection') •