Looking Glass lg.php DNS Lookup Field Arbitrary Command Execution
Remote / Network Access
Loss of Integrity
Looking Glass contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'lg.php' not properly sanitizing user input supplied to the 'DNS lookup' field, which may allow a remote attacker to execute arbitrary commands by using the pipe character resulting in a loss of integrity.
Upgrade to version 20060212 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.