Vulnerability Name:

CVE-2004-1147 (CCN-18441)

Assigned:2004-12-13
Published:2004-12-13
Updated:2017-07-11
Summary:phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: VulnWatch Mailing List, Mon Dec 13 2004 - 07:02:09 CST
Multiple vulnerabilities in phpMyAdmin

Source: MITRE
Type: CNA
CVE-2004-1147

Source: BUGTRAQ
Type: UNKNOWN
20041213 Multiple vulnerabilities in phpMyAdmin

Source: MISC
Type: UNKNOWN
http://www.exaprobe.com/labs/advisories/esa-2004-1213.html

Source: CCN
Type: GLSA-200412-19
phpMyAdmin: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 12330
phpMyAdmin External Transformations Remote Command Execution

Source: CCN
Type: phpMyAdmin Download Web page
Downloads

Source: CCN
Type: BID-11886
phpMyAdmin Multiple Remote Vulnerabilities

Source: XF
Type: UNKNOWN
phpmyadmin-command-execute(18441)

Source: XF
Type: UNKNOWN
phpmyadmin-command-execute(18441)

Source: SUSE
Type: SUSE-SR:2004:004
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2004:005
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2005:003
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:phpmyadmin:phpmyadmin:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.6_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.5.7_pl1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.6.0_pl1:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.6.0_pl2:*:*:*:*:*:*:*
  • OR cpe:/a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20041147
    V
    		CVE-2004-1147
    2015-11-16
    BACK
    phpmyadmin phpmyadmin 2.4.0
    phpmyadmin phpmyadmin 2.5.0
    phpmyadmin phpmyadmin 2.5.1
    phpmyadmin phpmyadmin 2.5.2
    phpmyadmin phpmyadmin 2.5.4
    phpmyadmin phpmyadmin 2.5.5
    phpmyadmin phpmyadmin 2.5.5_pl1
    phpmyadmin phpmyadmin 2.5.5_rc1
    phpmyadmin phpmyadmin 2.5.5_rc2
    phpmyadmin phpmyadmin 2.5.6_rc1
    phpmyadmin phpmyadmin 2.5.7
    phpmyadmin phpmyadmin 2.5.7_pl1
    phpmyadmin phpmyadmin 2.6.0_pl1
    phpmyadmin phpmyadmin 2.6.0_pl2
    phpmyadmin phpmyadmin 2.6.0_pl3