Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2001-1060 | First vendor Publication | 2001-07-31 |
| Vendor | Cve | Last vendor Modification | 2009-04-03 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1060 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 8401 | phpMyAdmin tbl_rename.php Arbitrary Command Execution phpMyAdmin contains a flaw that may allow a remote malicious user to execute arbitrary commands. The issue arises due to the eval() function not properly checking input within the tbl_rename.php script which can be exploited by sending a specially crafted URL to the page. It is possible that the flaw may allow remote execution of arbitrary commands within the permissions context of the web server's user and group. This could result in a loss of system integrity. |
| 8400 | phpMyAdmin tbl_copy.php Arbitrary Command Execution phpMyAdmin contains a flaw that may allow a remote malicious user to execute arbitrary commands. The issue arises due to the eval() function not properly checking input within tbl_copy.php which can be exploited by sending a specially crafted URL to the page. It is possible that the flaw may allow remote execution of arbitrary commands within the permissions context of the web server's user and group. This could result in a loss of system integrity. |
Sources (Detail)
| Source | Url |
|---|---|
| BID | http://www.securityfocus.com/bid/3121 |
| BUGTRAQ | http://www.securityfocus.com/archive/1/200596 |
| MISC | http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/ |
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:01:30 |
|
| 2021-04-22 01:01:38 |
|
| 2020-05-23 00:14:46 |
|
| 2013-05-11 12:06:03 |
|
