https://www.exploit-db.com/exploits/23487

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/9309/info

It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vulnerable systems. The problem exists due to insufficient sanitization of shell
metacharacters via the 'count' parameter of php-ping.php script.

Exploitation would permit a remote attacker to execute arbitrary commands with the privileges of the web server hosting the vulnerable software. 

http://www.example.com/php-ping.php?count=1+%26+ls%20-l+%26&submit=Ping%21
http://www.example.com/php-ping.php?count=1+%26+cat%20/etc/passwd+%26&submit=Ping%21