CyberSec.Space Logo
Back to CVE Browser

CVE-2009-4025

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0990%
EPSS Percentile0.37th
PublishedNov 29, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Pear

Pear

<= 0.21.1
πŸ“¦
Pear

Pear

= 0.11
πŸ“¦
Pear

Pear

= 0.20
πŸ“¦
Pear

Pear

= 0.21

References & Advisories

πŸ”— http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/
πŸ”— http://osvdb.org/60515
πŸ”— http://pear.php.net/advisory20091114-01.txt
πŸ”— http://pear.php.net/package/Net_Traceroute/download/0.21.2
πŸ”— http://secunia.com/advisories/37497
πŸ”— http://secunia.com/advisories/37503
πŸ”— http://security.gentoo.org/glsa/glsa-200911-06.xml
πŸ”— http://www.openwall.com/lists/oss-security/2009/11/23/8

Related Vulnerabilities

CVE-2009-402410.0

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote atta...

CVE-2005-473010.0

Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the...

CVE-2021-293779.8

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely...

CVE-2018-19990229.8

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HT...