automatic module_metadata_base.json update
parent
cb50d0fade
commit
4ae505be6b
|
@ -41515,6 +41515,38 @@
|
|||
"is_install_path": true,
|
||||
"ref_name": "multi/http/phpmyadmin_3522_backdoor"
|
||||
},
|
||||
"exploit_multi/http/phpmyadmin_null_termination_exec": {
|
||||
"name": "phpMyAdmin Authenticated Remote Code Execution",
|
||||
"full_name": "exploit/multi/http/phpmyadmin_null_termination_exec",
|
||||
"rank": 600,
|
||||
"disclosure_date": "2016-06-23",
|
||||
"type": "exploit",
|
||||
"author": [
|
||||
"Michal Čihař and Cure53",
|
||||
"Matteo Cantoni <goony@nothink.org>"
|
||||
],
|
||||
"description": "phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before\n 4.6.3 does not properly choose delimiters to prevent use of the preg_replace\n (aka eval) modifier, which might allow remote attackers to execute arbitrary\n PHP code via a crafted string, as demonstrated by the table search-and-replace\n implementation.",
|
||||
"references": [
|
||||
"BID-91387",
|
||||
"CVE-2016-5734",
|
||||
"CWE-661",
|
||||
"URL-https://www.phpmyadmin.net/security/PMASA-2016-27/",
|
||||
"URL-https://security.gentoo.org/glsa/201701-32",
|
||||
"URL-https://www.exploit-db.com/exploits/40185/"
|
||||
],
|
||||
"is_server": true,
|
||||
"is_client": false,
|
||||
"platform": "PHP",
|
||||
"arch": "php",
|
||||
"rport": "80",
|
||||
"targets": [
|
||||
"Automatic"
|
||||
],
|
||||
"mod_time": "2018-06-18 08:35:47 +0000",
|
||||
"path": "/modules/exploits/multi/http/phpmyadmin_null_termination_exec.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "multi/http/phpmyadmin_null_termination_exec"
|
||||
},
|
||||
"exploit_multi/http/phpmyadmin_preg_replace": {
|
||||
"name": "phpMyAdmin Authenticated Remote Code Execution via preg_replace()",
|
||||
"full_name": "exploit/multi/http/phpmyadmin_preg_replace",
|
||||
|
|
Loading…
Reference in New Issue