cbcvebase.
CVE-2015-2208
published 2015-03-12

CVE-2015-2208: The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object…

PriorityP180high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
61.96%
99.1th percentile
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
avinuphpmoadmin

Detection & IOCsextracted from sources · hover to see the quote

path/moadmin.php
path/moadmin/moadmin.php
commandobject=1;system('id');exit
filenamemoadmin.php
  • Detect HTTP POST requests to moadmin.php containing shell metacharacters or PHP code injection patterns in the 'object' POST parameter (e.g., semicolons followed by system/exec calls).
  • The vulnerability is triggered when the 'object' POST parameter is passed to eval() without sanitization; monitor for eval() execution paths in moadmin.php originating from POST data.
  • The exploit module targets the multi/http path; look for unauthenticated POST requests to moadmin.php from external IPs with non-trivial 'object' parameter values.
  • ·The vulnerable code path is only reachable when the HTTP POST parameter 'object' is set; exploitation does not require any prior authentication or session.
  • ·The affected version is specifically phpMoAdmin 1.1.2; confirm version before applying detections to avoid false positives on patched deployments.

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.