PT-2001-2205 · Php · Phpmyadmin
Published: 2001-07-31 · Updated: 2009-04-03 · CVE-2001-1060
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
phpMyAdmin versions 2.2.0rc3 and earlier
Description
The issue allows remote attackers to execute arbitrary commands by inserting them into specific arguments in certain PHP files. This can be done by inserting commands into the strCopyTableOK argument in tbl_copy.php or the strRenameTableOK argument in tbl_rename.php.
Recommendations
For phpMyAdmin versions 2.2.0rc3 and earlier, consider upgrading to a version that is not affected by this issue. As a temporary workaround, restrict access to the tbl_copy.php and tbl_rename.php files to minimize the risk of exploitation. Avoid using the strCopyTableOK and strRenameTableOK arguments in these files until the issue is resolved.
Fix
Related Identifiers
Affected Products
Phpmyadmin