nodeping.php allows unauthenticated remote code execution, possibly as root

[cathyjf]

The file nodeping.php allows unauthenticated arbitrary command execution, possibly as root (depending on the contents of /etc/sudoers):

$typtest = (isset($_GET['typtest']) ? $_GET['typtest'] : (isset($_POST['typtest']) ? $_POST['typtest'] : 'icmp'));
/* irrelevant code excerpted for brevity */
$ping = exec("sudo $pinger --ip=".$ipek." --ps=".$packetsize." --t=".$typtest);

An attacker can specify a crafted value of $typtest to execute arbitrary code. If /etc/sudoers allows arbitrary commands, then the attacker can use something like && code-to-run-as-root. If /etc/sudoers does not allow arbitrary commands, the attacker can still use something like ; arbitrary-code to run arbitrary code as the user excecuting the script, which is still extremely powerful (and might allow escalating to root through other vectors).