CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-1147

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile12.50th
Published2005年1月10日
Last Modified2026年4月16日

Vulnerability Description

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.

Affected Platforms (CPE)

📦
Phpmyadmin

Phpmyadmin

= 2.4.0
📦
Phpmyadmin

Phpmyadmin

= 2.5.0
📦
Phpmyadmin

Phpmyadmin

= 2.5.1
📦
Phpmyadmin

Phpmyadmin

= 2.5.2
📦
Phpmyadmin

Phpmyadmin

= 2.5.4
📦
Phpmyadmin

Phpmyadmin

= 2.5.5
📦
Phpmyadmin

Phpmyadmin

= 2.5.5_pl1
📦
Phpmyadmin

Phpmyadmin

= 2.5.5_rc1
📦
Phpmyadmin

Phpmyadmin

= 2.5.5_rc2
📦
Phpmyadmin

Phpmyadmin

= 2.5.6_rc1
📦
Phpmyadmin

Phpmyadmin

= 2.5.7
📦
Phpmyadmin

Phpmyadmin

= 2.5.7_pl1
📦
Phpmyadmin

Phpmyadmin

= 2.6.0_pl1
📦
Phpmyadmin

Phpmyadmin

= 2.6.0_pl2
📦
Phpmyadmin

Phpmyadmin

= 2.6.0_pl3

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=110295781828323&w=2
🔗 http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18441
🔗 http://marc.info/?l=bugtraq&m=110295781828323&w=2
🔗 http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18441

関連する脆弱性情報

CVE-2008-725110.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknow...

CVE-2008-725210.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown imp...

CVE-2007-020310.0

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

CVE-2019-186229.8

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack th...