PT-2007-2833 · Bitesser · Mysql Commander

K-159

Published

2007-03-13

Updated

2018-10-16

CVE-2007-1439

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions bitesser MySQL Commander versions 2.7 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the home parameter when register globals is enabled.

Recommendations For bitesser MySQL Commander versions 2.7 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the ressourcen/dbopen.php file to minimize the risk of arbitrary PHP code execution.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1439

Affected Products

Mysql Commander

PT-2007-2833 · Bitesser · Mysql Commander

CVE-2007-1439

Related Identifiers

Affected Products

References · 9