Deserialization of untrusted data

2009-05-0520:30:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

CPENameOperatorVersion
directadmineq1.16
directadmineq1.02
directadmineq1.17
directadmineq1.282
directadmineq1.235
directadmineq1.231
directadmineq1.05
directadmineq1.281
directadmineq1.255
directadmineq1.205

Name	Operator	Version
directadmin	eq	1.16
directadmin	eq	1.02
directadmin	eq	1.17
directadmin	eq	1.282
directadmin	eq	1.235
directadmin	eq	1.231
directadmin	eq	1.05
directadmin	eq	1.281
directadmin	eq	1.255
directadmin	eq	1.205

Rows per page:

1-10 of 1151

References

archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html

osvdb.org/54015

secunia.com/advisories/34861

www.directadmin.com/features.php?id=968

exchange.xforce.ibmcloud.com/vulnerabilities/50167