Security researcher Ebrahim Hegazy has identified a remote command execution vulnerability in a Yahoo server. Yahoo has addressed the security hole.
According to the expert, he initially found a remote PHP code injection flaw. However, he managed to escalate it to a remote code execution vulnerability.
The issue was identified on tw.user.mall.yahoo.com, but Hegazy says that the underlying server hosts several other subdomains as well.
The security hole wa…