2025-08-11 14:54:16
VulnCheck
PUBLISHED
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web servers context. No authentication is required.