Description

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.

Remediation

References

CVE-2001-1060

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2016-9935)

WordPress Plugin Keyword Meta Cross-Site Request Forgery (3.0)

WordPress Plugin ShiftNav-Responsive Mobile Menu Cross-Site Scripting (1.7.1)

WordPress Plugin SpamTask Arbitrary File Upload (1.3.6)

WordPress Plugin Ninja Forms with File Uploads Extension Cross-Site Scripting (3.3.12)

Severity

High

Classification

CVE-2001-1060

Tags

Missing Update Known Vulnerabilities