Description
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Photo Gallery by Gallery Bank Cross-Site Scripting (3.0.228)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.2.1)
Liferay Portal CVE-2021-33330 Vulnerability (CVE-2021-33330)
WordPress Plugin Process Steps Template Designer Cross-Site Request Forgery (1.2.1)