CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4024

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1960%
EPSS Percentile42.78th
PublishedNov 29, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.

Affected Platforms (CPE)

πŸ“¦
Pear

Pear

<= 2.4.4
πŸ“¦
Pear

Pear

= 0.1
πŸ“¦
Pear

Pear

= 1.0
πŸ“¦
Pear

Pear

= 1.0.1
πŸ“¦
Pear

Pear

= 2.1
πŸ“¦
Pear

Pear

= 2.2
πŸ“¦
Pear

Pear

= 2.3
πŸ“¦
Pear

Pear

= 2.4
πŸ“¦
Pear

Pear

= 2.4.1
πŸ“¦
Pear

Pear

= 2.4.2
πŸ“¦
Pear

Pear

= 2.4.3

References & Advisories

πŸ”— http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/
πŸ”— http://pear.php.net/advisory20091114-01.txt
πŸ”— http://pear.php.net/package/Net_Ping/download/2.4.5
πŸ”— http://secunia.com/advisories/37451
πŸ”— http://secunia.com/advisories/37502
πŸ”— http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669
πŸ”— http://www.debian.org/security/2009/dsa-1949
πŸ”— http://www.securityfocus.com/bid/37093

Related Vulnerabilities

CVE-2009-402510.0

Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR...

CVE-2005-473010.0

Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the...

CVE-2021-293779.8

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely...

CVE-2018-19990229.8

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HT...