[原文]Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter.
Tellme contains a flaw that allows a remote attacker to execute arbitrary commands. This flaw exists because the application does not validate the 'q_Host' variable upon submission to the 'index.php' script, which may allow a remote attacker to access and execute arbitrary 'whois' command options resulting in a loss of integrity.
Upgrade to version 1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.