Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1147

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1147
Last Modified 10 Sep 2008 03:29:19
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1147

Summary

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.

Vulnerable Systems

Application

  • Phpmyadmin 2.4.0

  • Phpmyadmin 2.5.0

  • Phpmyadmin 2.5.1

  • Phpmyadmin 2.5.2

  • Phpmyadmin 2.5.4

  • Phpmyadmin 2.5.5

  • Phpmyadmin 2.5.5 Pl1

  • Phpmyadmin 2.5.5 Rc1

  • Phpmyadmin 2.5.5 Rc2

  • Phpmyadmin 2.5.6 Rc1

  • Phpmyadmin 2.5.7

  • Phpmyadmin 2.5.7 Pl1

  • Phpmyadmin 2.6.0 Pl1

  • Phpmyadmin 2.6.0 Pl2

  • Phpmyadmin 2.6.0 Pl3


References

XF - phpmyadmin-command-execute(18441)

MISC - http://www.exaprobe.com/labs/advisories/esa-2004-1213.html

BUGTRAQ - 20041213 Multiple vulnerabilities in phpMyAdmin


Last Updated: 27 May 2016 10:38:55