Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1147 — Phpmyadmin vulnerability

5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

4.6%

top 10.78%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJan 10

Latest updateApr 29

Description

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 2:2.6.1-rc1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 2:2.6.1-rc1-1+3

▶NVDphpmyadmin/phpmyadmin15 versions+14

🔴Vulnerability Details

GHSA

GHSA-q8p5-hgjr-4chh: phpMyAdmin 2↗2022-04-29

▶

OSV

CVE-2004-1147: phpMyAdmin 2↗2005-01-10

▶

💥Exploits & PoCs

Exploit-DB

phpMyAdmin 2.x - External Transformations Remote Command Execution↗2004-12-13

▶

📋Vendor Advisories

Debian

CVE-2004-1147: phpmyadmin - phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformat...↗2004

▶