Description

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.

Remediation

References

CVE-2001-1060

Related Vulnerabilities

WordPress Plugin Admin Columns CSV Injection (3.4.6)

ownCloud Credentials Management Errors Vulnerability (CVE-2012-5607)

WordPress Plugin Flexible Custom Post Type Cross-Site Scripting (0.1.5)

WordPress Plugin CBX Bookmark & Favorite Cross-Site Scripting (1.6.8)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4046)

Severity

High

Classification

CVE-2001-1060

Tags

Missing Update Known Vulnerabilities