CVEブラウザに戻る

CVE-2009-4025

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0990%

EPSS Percentile0.37th

Published2009年11月29日

Last Modified2026年4月23日

Vulnerability Description

Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Pear

Pear

<= 0.21.1

📦

Pear

Pear

= 0.11

📦

Pear

Pear

= 0.20

📦

Pear

Pear

= 0.21

References & Advisories

🔗 http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/

🔗 http://osvdb.org/60515

🔗 http://pear.php.net/advisory20091114-01.txt

🔗 http://pear.php.net/package/Net_Traceroute/download/0.21.2

🔗 http://secunia.com/advisories/37497

🔗 http://secunia.com/advisories/37503

🔗 http://security.gentoo.org/glsa/glsa-200911-06.xml

🔗 http://www.openwall.com/lists/oss-security/2009/11/23/8

関連する脆弱性情報

CVE-2009-402410.0

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote atta...

CVE-2005-473010.0

Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the...

CVE-2021-293779.8

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely...

CVE-2018-19990229.8

PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HT...