HTTP: PHP Command Injection

This signature detects Web downloads containing a potentially dangerous PHP script. A malicious site can exploit a known vulnerability in multiple PHP applications and execute arbitrary PHP commands on the victim's server.

Extended Description

phpMyAdmin is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.

Affected Products

Debian Linux

References

BugTraq: 35467 34236 63411 37314 51647 30135 50331 98545 55399 51576 54464 54292 50706 57603

CVE: CVE-2017-6090

URL:

http://www.juniper.net/security/auto/vulnerabilities/vuln35467.html

https://github.com/rapid7/metasploit-framework/pull/4076

https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats

http://itsecuritysolutions.org/2012-07-01-CuteFlow-2.11.2-multiple-security-vulnerabilities/

https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html

https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-ii.html

https://www.exploit-db.com/docs/27654.pdf

https://www.us-cert.gov/ncas/alerts/TA15-313A

http://traqproject.org/

http://secunia.com/advisories/49103/

http://sourceforge.net/projects/freenas/files/stable/0.7.2/NOTES%200.7.2.5543.txt/download

http://krebsonsecurity.com/tag/phoenix-exploit-kit/

https://www.pwnmalw.re/Exploit%20Pack/phoenix

http://xforce.iss.net/xforce/xfdb/71358

http://karmainsecurity.com/exploiting-cve-2014-1691-horde-framework-php-object-injection

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737149

https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3

http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html

http://contrib.spip.net/SPIP-3-0-3-2-1-16-et-2-0-21-a-l-etape-303-epate-la

http://karmainsecurity.com/KIS-2014-13

https://tuleap.net/plugins/tracker/?aid=7601

http://www.trixbox.org/

http://karmainsecurity.com/KIS-2013-01

http://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.html

http://www.homelab.it/index.php/2015/04/12/wordpress-n-media-website-contact-form-shell-upload/

http://research.g0blin.co.uk/cve-2014-6446/

Short Name: HTTP:PHP:CMD-INJ

Severity: Major

Recommended: False

Recommended Action: None

Category: HTTP

Keywords: CVE-2008-6825 CVE-2009-1151 CVE-2009-4140 CVE-2010-4279 CVE-2011-4075 CVE-2011-4825 CVE-2011-4828 CVE-2012-1153 CVE-2013-0803 CVE-2013-1412 CVE-2013-3591 CVE-2013-3629 CVE-2014-1691 CVE-2014-6446 CVE-2014-8791 CVE-2015-6967 CVE-2016-1209 CVE-2017-0372 CVE-2017-16524 CVE-2017-18048 CVE-2017-6090 CVE-2017-9080 CVE-2017-9101 CVE-2020-8644 CVE-2021-23394 CVE-2021-41675 Command Injection PHP bid:30135 bid:34236 bid:35467 bid:37314 bid:50331 bid:50706 bid:51576 bid:51647 bid:54292 bid:54464 bid:55399 bid:57603 bid:63411 bid:98545

Release Date: 12/11/2008

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3657

False Positive: Frequently

Vendors

Red_hat

Phpmyadmin

Suse

Gentoo

Mandriva

Debian

CVSS Score

7.5

6.5

6.8

10.0

6.0
