Description

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.

Remediation

References

CVE-2001-1060

Related Vulnerabilities

WordPress Plugin Login as User or Customer Cross-Site Request Forgery (1.9)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.5)

Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2080)

WordPress Plugin MM Forms Community 'edit_details.php' SQL Injection (1.2.3)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)

Severity

High

Classification

CVE-2001-1060

Tags

Missing Update Known Vulnerabilities